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1) Understand and interact withicustoniers 

' ;.,:U " 


2) Manage supplier relationships onlinej 

3) Net rilin your life .. 


Netcraft 200CMnclUdes Web sites running on previous versions of Microsoft Winttows 


and Microsoft Comnwrce Server, © 2001 Microsoft Corporation. Ail ngtits reserved. Microsoft and BIzTalk are either registered trademark 






































he flexible Microsoft .NET Enterprise Server family, Commerce 
Server 2000 works with BizTalk™ Server 2000 and SQL Server™ 2000 
to offer you a less complicated and less time<;onsuming approach to 
building tailored, effective e-commerce solutions, For example, 




According lo Netcraft, the j| 
leading supplier of market 'f 
intelligence and Web server 
data, more e-commerce Web j 
site solutions are built on the I 
Microsoft enterprise e-commerce I 
platform than orr any other.* 

i 


Commerce Server 2000 comes 
: with fully functional out-of-the- 
box starter sites, and pre-built 
applications such as click 
stream analysis, to help you 


even faster. And with full XML support, 
moves from the wish list to the “done" list 


Of tradeniari,s of Microsof Corporation in the United States and/or other countties. The 


names of actual companies and products mentioned herein may be the trademark df their 


respective owners 


ahead and build Jhe effective site you're being asked 
, and still manage to have a life. To find out more, visit 

microsoft.com/commerceserver Software for the ^le Busings. 


management is asking for the moom quickly and cost-efficiently 
develop a site that offers a personalized experience for customers 
and partners. In the past, building-in the kind of robust data analytics 

take thousands of hours (most of them 
help: Microsoft Commerce Server 2000. 














Top 10 Reasons 
Why You Should Buy 




Funnel Web 


10. It’s the most accurate Web site visitor analysis tool available 

9. Everyone should own at least one product named after the 
world’s deadliest spider 

8. One of the developers once worked in the gear room of the 
world’s highest aeriai tram 

7. Buy the product and we’ll let you keep the CD 

6. It produces reports so beautiful you’ll want to carry them 
around in your wallet 

5. It runs on Mac, Linux, Windows, FreeBSD and Solaris 

4. Someone needed to start a new trend 

3. Thousands of your colleagues are already using it 

2. It’s 400% faster than competing products* 

And the #1 reason why you should try Funnel Web Analyzer is... 

(What, you think we’re going to give if up on the first date? 

Go to www.auest.com/toDl 0 to find out!) 


Funnel Web 

W Analyzer is one ^ 
part of our complete 
suite to map, manage 
i and measure your j 
^ Web site. 


‘Refers fo a recent independent review from Neiger Computer Consulting. 


SOFTWARE 


WWW. quest.com 


United States 1.949.754.8000 • Germany 


+49.221.5694.1111 • United Kingdom +44,1628.601000 • France +33.1.4131.96.96 • Australia +61.3.9811.8000 
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"You guys rock! 

You nsvor codso to siridzo mo with your 
competence, speed and reliability." 

Alex Byron, PCNineOneOne.com 



GET FANATICAL SUPPORT "AT RACKSPACE 

■ Get Instant Access 24x7x365 to Your Fanatical Support Team 

■ Get Up and Running in 24 hours. 

Get Servers snd Bdndwidth on Demdnd, 

■ Get the Most Knowledgeable and Responsive Team in Hosting. 

■ Get Peace of Mind Knowing Our Profitability Means Stability. 


2 MONTHS 



888 . 571.8974 


www.rackspace.com 


#1 hosting Linux, #3 in NTA/Vin2k.** 

*With a 12 month contract only. Restrictions apply. ** 
®2001 fiackspace Managed Hosting 


Over 3,500 servers under management. 

Based on survey of managed hosting companies, June 2001. 

















f S- ' ^ ^ By the turn of the millennium, Web sites v/ere supposed to be able to learn 

1 things about us and personalize pages on the fly. Why didn’t it work out? 


HOME PAGE 


l\/l e ,_ !\/l e , M e 



Atn1t Asaravala 


I In 1998, personalization was a hot topic among retailers | 

I and media outlets with active Web sites. Companies were * 
- looking for ways to enhance their online customer service 
I and experience, and numerous sites began copying the 
my.yahoo.com model. Pretty soon, most prominent B2C 

■ sites had some sort of “my site" feature that let customers i 
set preferences for the content on pages they were served. * 

Of course, no generation of technology appears without 
pundits instantly looking forward to the next generation of 
technology. Industry leaders have talked about the day when 
I sites would automatically learn your preferences by recording ^ 

■ and analyzing your habits. No longer would you have to scan 
! through newspaper headlines in search of interesting 

articles—your personal news site would automatically serve 
up recent articles about your favorite sports team. 

While academics were researching so-called personal 
I learning agents long before 1998, few sites had successfully 
implemented such a system. Commercial software for intel¬ 
ligent personalization was even scarcer. Surprisingly, the 
technology isn’t complex; Use cookies or a login prompt to 
! identify each unique visitor, modify the URLs on a site so 
' that each click-through generates a new database record, 

* and serve the main Web page via a script that checks the 
database and compiles a listing of recommended content 
based on a user’s previous history, 
i Despite this, only a handful of companies are developing 
{ personalization software that infers user preferences. Few 
I new companies have entered the space, and many of the 
initial vendors have disappeared, consolidated, or started 
selling content management solutions. When asked to 
name a site that provides personalized recommendations, 
most Web shoppers say Amazon.com. But then what? Why 
1 aren’t other sites implementing intelligent agents as a way 
to retain customers? 

Part of the reason is that the technology still seems 
complex from a distance. And it is, at some level: There are 
i many complicated statistical algorithms that you can incor- 
? porate into such a system to make it more accurate. This is 
' why vendors like BroadVision charge thousands upon thou¬ 
sands of dollars to do this for companies that don’t want to 
i do it themselves. But companies have forgotten that there 
\ are many levels to personalization. You don’t need an appli- 
i cation server if you only have 400 intranet users, with only 
ten using your application at the same time. You don’t 
, need an Oracle installation if you’re only performing a 
limited number of inserts and updates. The complexity of 
i personalization technology depends on your goals and the 
1 size of your audience. 

Some critics worry that personalized content will narrow 
browsing and purchasing patterns, not expand them. If a 


visitor reads an article about the Mets, then the system 
shows her more articles about the Mets. She reads those 
articles, which causes the system to narrow her content 
recommendations even further, and so on. It’s a bad cycle, 
but it can be remedied by incorporating other means of 
recommendations into the system. Amazon.com, for 
instance, analyzes groups of users as a whole to provide 
recommendations that an individual might not have 
considered. A news site could also have a Top Headlines 
section without any personalization features, and algo¬ 
rithms can be designed to keep one category from domi- 
natingthe personalized page. 

Another big worry is that collecting data on user’s habits 
can lead to a privacy nightmare. Consumers are increasingly 
wary of giving up personal information, even on an opt-in 
basis, and systems that monitor an individual user’s actions 
are often deemed Orwellian. However, the problem here 
isn’t technology. It’s policy. The solution is to take a 
consumer-first stance on privacy. Don’t gather more data 
than you need; don’t tie user patterns back to individual 
names and addresses; don’t take chances with your infra¬ 
structure security; and don’t sell customers’ data. Post the 
policy everywhere, and stick to it. 

The concerns that have kept intelligent personalization 
at bay can be overcome. It’s time to take advantage of 
learning agents and put them to use for retaining cus¬ 
tomers and giving them the unique experience we’ve been 
talking about for so many years. It’s no secret that repeat 
customers have higher yields than new customers because 
of the overhead costs associated with the latter. As long as 
companies start with a modest infrastructure and then 
grow to meet demand, personalization can be made to pay 
for itself over time. The technology for building the infra¬ 
structure already exists. All we need now is a little courage, 
and we can turn this next-generation vision into today’s 
reality. >< 



Editor in Chief 

Amit Asaravala 

amitgjwebtechniques.com 
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HostPilot was designed to put web server controls at your fingertips. From the first moment you 
create a virtual server^ you'll fee! the difference of real, hands-on control. 


HostPilot features that have web developers flying high 


Set up a web server in 10 minutes or less 
Manage your data sources on the fly. 
Create custom tags on the fly. 

Set user permissions on the fly. 


WebTrends 

More.... 


Microsoft^ 



Solution Provider 


Copyright Intermedia.NET, !rc. 2001. All Rights Resect. 

Microsoft Eicchange Server is a registered trademari^ of Microsoft 
CorporatiDri All other trademarks are property of their respective hokters. 


Experience the Ultimate Control Panel, first hand. 

Take a test flight at www.mtermeilia.net 

^INTERMEDIA. NET 

1-800-379-7729 

FOR FREE SET UP USE PROMO CODE WEBTEC2001 


WINDOWSNT 

WEB SERVER 

- 

or 


Plans from $24.95/month 


With support for: 

Active Server Pages 

ColdFusion 5.0 
CFFILE, CFDIRECTORY, 
and CFCONTENT tags 

Frontpage 2002 

SharePoint Team Services 

MS SQL Server 7 and 2000 

MS Access, FoxPro 

StoreFront and other 
shopping carts 

Verisign Payment Services 

Drumbeat 










































will Instant Messaging displace email, or will industry kill the golden goose? 


WEBMASTER’S 

DOMAIN 





Lincoln D. 
Stein 


The fun thing about killer applications is that nobody ever 

I expects them. When an industry pundit touts his or her 
^ vision of the Next Big Thing, you can almost always rely on 
; it being underwhelming when (and if) it actually arrives— 
j think VRML, active agents, and server push. Meanwhile 
some college kid or grad student whips up the real killer 
app in a dorm room, releases it to the world, and it 
becomes an overnight sensation. 

That’s what happened with music sharing. Just a year 
( and a half ago, Sean Fanning came up with the Napster 
I peer-to-peer protocol to make music sharing easy. Almost 
' overnight, Napster built a clientele of more than 20 million 
users and spawned a horde of imitators. Although Napster 
itself may fade away, the victim of a centralized search 
i architecture that’s vulnerable to legal challenges, music 
swapping continues with full vigor. A notable aspect of 
killer apps is that once they’re released, they can’t be put 
back into the bottle. 

f Have to Have It 

Instant Messaging (IM) is another killer application. America 
Online (AOL), seeking a middle ground between the tradi¬ 
tional chat room’s public free-for-all and email’s time 
delays, struck on two simple user interface tweaks that 
together transformed Internet communication. First, AOL 
created a buddy list that alerted subscribers when their 
friends came online. To this it added technology that let 
® subscribers send each other short messages that appear 
instantly in pop-up windows. This messaging system, called 
! AIM (AOL Instant Messenger), was a hit among AOL sub- 
’ scribers, and was widely copied. 


In 1998 AOL purchased one of Its imitators, an Israeli 
company called ICO, which had developed a similar tech¬ 
nology. Suddenly AOL users could IM around the world. 

'i'he effect was electrifying. In the three years since AOL 
pu-chased ICO, IM among the teenage and college age 
population has skyrocketed to a point where it threatens 
enrail as the medium of choice for Internet communica¬ 
tions. In typical killer app style, IM has been widely copied 
by competitors, including such heavyweights as Microsoft 
and Yahoo, and has spawned several open-source 
versions—most notably the Jabber messaging protocol. 
Last March, the IDC research firm estimated that there 
were 60 million IM users world wide, who together sent 
about 900 million instant messages per day. But only 
three months later, AOL announced that its messaging 
service alone had over 100 million users. 

Also in typical killer app style, IM is spreading upwards 
from the younger generation to the older one. The Gartner 
Croup, that bastion of industry punditry, released a belated 
report on IM last May revealing that business users are 
increasingly relying on IM in the workplace. Only a few 
years after email became a standard part of the office, it’s 
. being displaced by IM. 

In Japan and Europe, where Internet-enabled cell phones 
are already entrenched, IM has become the rage. I recently 
had occasion to take a street car In Linz, Austria. I was star¬ 
tled to see a group of children on their way to school, many 
of whom were hunched over their cell phones, furiously 
^ tapping away at the tiny keyboards. Rather than gossiping 
with each other, they were IMing with a larger community 
of friends around the world. 
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j It’s the results, not the 
\ technology, that 
I brings users on board. 




ActiveBuddy 

www.activebuddy.com 

Gartner: “AOL, Microsoft Heading for New Instant 
Messaging War” 

iwsun4.lnfoworId.com/articles/hn/xml/01/05/01/ 

oi050ihnnewwar.xmi?p=br&s=i 

Infoworld: “Microsoft Blinks First in Instant-Messaging 
Standoff” 

www,infowor!d.com/articles/ic/xml/99/ii/i8/ 

99iii8icaolspat.xml 

CNET: “New Microsoft Messenger Takes Aim at AOL” 

news.cnet.com/news/0-1003-200-6176378.htn1l 

CNET: “AOL, Microsoft Dissolve Windows XP talks” 
news.cnet.com/news/ 
0-i003-200-62954i6html?tag=mn_hd 


U.S. News: “Instant Message Phenom is. Like, Way Beyond 
E-mail” 

www.usnews.com/usnews/issue/010305/nycu/im.htm 

Technet: “No End In Sight For IM War” 

c0ntent.techweb.com/wire/st0ry/TWB20000817S0012 

Imici 

i^ww.imici.com 

Odigo 

www.odigo.com 

Jabber 

www.jabber.org 

Every buddy 

www.everybuddy.org 
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The Wars Begin 

when the courts restrained Napster, a dozen competitors leapt into the 
fray, fighting over its music-hungry audience of 20 million. Young 
adults, with their large consumer appetites and proportionately large 
discretionary budgets, are prime targets for marketers. If someone 
could only figure out how to promote products via a file sharing sys¬ 
tem, the marketing opportunities would be immense. 

Instant Messaging has the same attraction, except that it provides a 
more obvious technological path for advertising. Just as email has 
become a vehicle for unsolicited (spam) mail, there’s no technological 
reason why advertisers can’t have messages pop up on IM subscribers’ 
screens. AOL is already looking at ways to sell IM space to advertisers, 
and companies are springing up to exploit IM in various ways. For exam¬ 
ple, ActiveBuddy is attempting to breathe new life into the touted-and- 
faiied active agent and server push technologies by putting an IM user 
interface around them. 

With so much at stake, everyone wants to capture as large a wedge 
of the IM pie as possible. With over 100 million IM users, AOL is an 
appealing target. Unfortunately, its service is proprietary. Only AOL’s 
own AIM client software is officially authorized to access the AIM 
servers. For the past two years, various third-party IM services have 
been taking aim at AIM, creating gateways that let users of their own 
services exchange messages with AIM users, AOL has countered these 
attacks by blocking the third-party gateways or by changing its 
protocol slightly to make the client applications incompatible. In a 
few hours or days, the third-party services usually find ways around 
the blockade and sneak back in. 

This cat-and-mouse game started with small companies like 
Internet startups Imici and Odigo, but escalated into full-fledged 
combat when Microsoft jumped into the fray. When Microsoft 
connected its MSN Messenger service to AIM in the fall of 2000, AOL ' 
fought back by changing its servers to exploit a buffer overflow bug 
in Microsoft’s Messenger client. When attempting to exchange 
messages with an AIM user, the Microsoft client would crash while 
the bona fide AOL client would continue to operate. Muttering 
resentfuliy about anti-competitive practices and the need for open 
standards, Microsoft eventually retreated. 

However, the wars haven’t ended. By some industry reports, disputes 
over IM were an ingredient in the recent breakdown of negotiations 
between AOL and Microsoft to cross-promote AOL and the Windows XP 
operating system. With no agreement on interoperation, AOL and 
Microsoft will enter into head-to-head competition, with AIM’s large 
installed user base competing against Windows XP’s ubiquity and tight 
integration of MSN Messaging with the operating system. 

The Network Effect 

I don’t know who’il win the IM wars, but I know that, due to the network 
effect, at the end of the day only one IM system will be left standing. 

When the majority of people are using a single product, whether it be a 
word processing file format or a communications protocol, the advan¬ 
tages of using the same product begin to outweigh any other considera¬ 
tions of relative merits. This is why the universally interoperable SMTP 
protocol beat out such proprietary emaii standards as Lotus Notes and 
Microsoft Mali; why TCP/IP beat the OSI networking standards; why 
Microsoft Windows bested 05/2 and the Mac OS; and why Linux will 
never challenge Microsoft in the desktop applications market. 

However, this reasoning should give AOL pause. The network effect 
gives significant advantage to open technologies. This encourages 


product interoperability, and increases the likelihood that people will 
adopt the product because everyone else is using it. AIM is fundamen¬ 
tally closed. In the short run, people may be likely to sign up with AIM 
to gain access to AIM users. But in the long run, it’s more likely that AIM 
users will start to wonder why they can’t use the same interface to 
communicate with other IM services, and will turn instead to the ubiq¬ 
uitous MSN Messenger product that comes installed in every copy of 
Windows XP. To maintain its dominant position, AOL should merge AIM 
with ICQ and open its network to the world. 

Finally, the IM warriors shouldn’t lose sight of why IM is so popular. 
Many industry pundits misinterpreted the Napster phenomenon as an 
endorsement of peer-to-peer technology, and have helped encourage a 
horde of P2P offerings. Wrong. The Napster phenomenon isn’t about 
peer-to-peer technology, it’s about getting free music. 

Users aren’t excited by IM because it offers them stock quotes or 
news headlines delivered in real time (remember server push?), nor even 
by robots that page them with news on the opening of a movie they 
might like. IM is about social interaction, the same innate force that 
keeps a cell phone glued to a teenager’s ear as he or she wanders 
around the shopping mall, narrating moment-to-moment thoughts to 
friends. Anything that interrupts this social essence will be unwelcome 
at best. Woe betide the company that slays the golden goose. >< 


Lincoln is an M.D. ond Ph.D. who designs information systems for the 
human genome project at Cold Spring Harbor Laboratory in New York. You 
can reach him at lstein0cshl.org. 
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LEGAL CODE 



Digital rights management has gotten a bad name lately, but it’s a 
boon for those who need to fairly distribute intellectual property. 


DRM For the Forces of Good 


Bret A. 
Fausett 


As I write this, Dmitry Sklyarov, a Russian computer 

professional, is sitting in a United States federal jail await¬ 
ing arraignment on charges that he violated the Digital 
Millennium Copyright Act (DMCA). Mr. Sklyarov traveled to 
the United States from his home in Moscow to give a 
lecture at this year’s Def Con 9 convention in Las Vegas, NV. 
His topic? “E-books Security—Theory and Practice.” The 
presentation promised an overview of the “security aspects 
of electronic books and documents," including “a demon¬ 
stration of how weak they are.” In other words, Mr. Sklyarov 
was going to describe how to defeat the copyright protec¬ 
tion scheme found in a number of proprietary e-book 
formats. The day after the lecture, he was arrested. 

While the lecture at Def Con 9 was the occasion that 
brought Mr. Sklyarov within the jurisdiction of the United 
States and easy reach of U.S. law enforcement, it was work 
he had done for his company back in Moscow that allegedly 
violated U.S. law. His lecture may have been titled "E-Books 
Security—Theory and Practice." but it was the “practice” 
part that landed him in jail. His Moscow-based company, 
ElcomSoft, writes and distributes software products. One of 
these, the Advanced eBook Processor, takes files encoded 
for Adobe’s proprietary eBook Reader and translates them 
into standard PDF files. From there, anyone can read the 
text and copy, cut, or paste it into any other text applica¬ 
tion. In Russia, his software is perfectly legal. 

In the United States, however, the DMCA creates both 
civil and criminal penalties for “circumvent[ing] a techno¬ 
logical measure that effectively controls access to a work." 
For purposes of the DMCA, “circumventing a technological 
measure'" means descrambling a scrambled work, decrypt¬ 
ing an encrypted work, or otherwise avoiding, bypassing, 
removing, deactivating, or impairing a technological meas¬ 
ure, “without the authority of the copyright owner.” With 
that expansive definition as background, there should be 
little doubt that ElcomSoft’s Advanced eBook Processor was 
designed to “circumvent a technological measure that 
effectively controls access to a work.” In fact, that’s pretty 
much the software’s only purpose. 

The purpose of the encryption scheme built into Adobe’s 
eBook Reader, however, wasn’t solely to prevent unautho¬ 
rized copying. Digital rights management (DRM) has other 
important uses. 

DRM and U.S. Law 

Whether you villify or glorify DRM depends on how you use 
online intellectual property. Whatever reaction you have to 
words like Napster, file-sharing, and peer-to-peer, you’ll 
likely have the opposite reaction to DRM. Part of the prob¬ 
lem is that, in the minds of most Nettzens, DRM is inextri¬ 


cably tied to United States laws—like the DMCA—that create 
strong penalties for violating copy protection schemes. I’ll 
come back to Mr. Sklyarov and his DMCA problems in a 
minute, but for now, let me define a few terms without 
regard to the infringement and circumvention penalties 
that now exist under U.S. law. 

Disarming a Loaded Term 

First and foremost, DRM is exactly what it sounds like; 
management of digital rights. It’s not necessarily tied to 
encryption, locked files, or any other measures to enable 
copyright protection. In most implementations, DRM has 
copyright protection elements, but those elements don’t 
spring from a primary desire to defeat the public’s rights of 
fair use. Rather, copyright protection elements are the 
secondary effect of trying to solve other problems. Let me 
explain. 

In last month’s column, I outlined the concept of 
Internet rights as something new and distinct from the 
rights historically sold to intellectual property distributors. 
In New York Times v. Tas/n/, the U.S. Supreme Court ruled 
that a newspaper that had purchased the right to publish 
freelance articles in its print publication violated the 
author’s copyright when it made the same article available 
on digital media. To make that same article available digi¬ 
tally, the newspaper would have to separately license that 
right, typically for an additional royalty fee. 

The relationship between copyright owners and distributors 
who have licensed copyrighted works for distribution over the 
Internet defines the purposes of DRM. While a copyright 
owner and a distributor are sometimes the same entity, 
frequently the creator and the distributor are tied together 
only by a contract. That’s hardly surprising. Authors, artists, 
musicians, and programmers don’t typically excel as distribu¬ 
tors and salespersons—and vice versa. So the partnership is a 
natural one based on mutual need and benefit. 

To make the relationship work though, the creator and 
the distributor must have a clear understanding of what 
rights have been transferred and under what terms. In the 
brick and mortar world, it’s relatively easy. Whatever the 
copyright owner has created—an article, book, or music 
recording, for example-can be manufactured and packaged 
into something that you can hold or touch. That makes it 
possible to track items well enough to compensate the 
creator and keep limits on the distributor’s licensing rights. 

The Management Part of DRM 

Most people assume that an author’s royalty under a license 
agreement for the distribution of a new book is based on the 
number of books sold: royalty rate multiplied by number of 
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books sold equals payment to author. While 
that’s mostly true, the process is a bit more 
complex. Typically, intellectual property—in its 
shrink-wrapped, conventional form-is distrib¬ 
uted in several iterations and different territories. 
You might have one royalty rate for a hardback 
book and another for the paperback; one royalty 
rate for the United States and another for the 
United Kingdom; one for the English version and 
another for the Japanese version; one for sales in 
the first year and another for subsequent years. 
Time, place, and form are typical variants, but 
there are as many ways to arrange a royalty 
scheme as there are lawyers, agents, and 
accountants in the world. 

Dividing the world by time and place can 
actually benefit the creator of intellectual prop¬ 
erty. An author may have only written one 
book, but splitting the world into markets lets 
him or her sell rights to several different 
companies, each best able to distribute the 
property within that market. But all of this 
adds complexity. Some distribution companies 
have dozens of employees who take data from 
sales records and calculate the creator’s royalty 
based on a number of complex formulae. And 
the artists’ representatives often spend just as 
much time and effort auditing that work. 

As long as goods continue to travel through 
conventional distribution channels, we’ll 
continue to have the accounting nightmare 
that I just described. In theory, digital distribu¬ 
tion should make that process much more 
straightforward for sales of digital properties. 
With digital distribution, you can calculate and 
accrue royalties on the fly, and the calculations 
that now occupy entire accounting depart¬ 
ments can be automated. 

But if you’re going to do that, you need a 
DRM system. 

DRM Systems Can Do Good 

A good DRM solution takes a digital property 
that can be copied many times over—with each 
copy an exact duplicate of the original—and 
makes the copies unique. Whether the solution 
is a license number, a watermark, or some 
other specific, embedded, identifying feature, 
creating uniqueness out of identical digital 
copies preserves some of the good parts of 
conventional distribution operations. 

Most importantly, uniqueness simplifies 
counting. Any calculation of revenue or royal¬ 
ties requires you to count what you've sold. 
While you can certainly count identical things, 
counting unique things is more fail safe. If you 
lose track of your count, as you might in a 
system crash, you can more readily recreate the 


work you’ve done if you start with uniquely 
numbered digital properties. Uniqueness also 
empowers the creator to audit the distributor’s 
numbers and more easily verify that the 
amount paid as a royalty is accurate. 

DRM will play a particularly strong role in the 
delivery of media-rich intellectual properties 
over broadband. Labeling intellectual property 
with a unique identifier can have several addi¬ 
tional purposes in this context. First, it can 
specify that the property is a specific kind of 
data—a voice connection for an Internet teleph¬ 
ony connection, for instance, or a streaming 
movie. If ISPs and backbone carriers can iden¬ 
tify the specific content type, they can create a 
priority when routing it. This would ensure that 
voice and other streaming media take prece¬ 
dence over things like email, which more easily 
tolerates a one- or two-second delay. Second, 
the unique label can help ensure that the prop¬ 
erty is delivered to the right place. It also gives 
both the distributor and the purchaser confir¬ 
mation that what was charged to the consumer 
and delivered by the Internet company was the 
right thing and the same thing. 

While many Netizens are suspicious of this 
kind of content labeling, often called a quality 
of service initiative, it will solve many of the 
problems now inherent in digital delivery. 

DRM also ensures that online site operators 
dealing in a third-party’s intellectual property 
stay within their licensing agreements. Some 
DRM solutions, for example, let a site operator 
identify the location of the person who wants to 
download a given property. These location-based 
systems are usually only accurate to within a 
country, but for DRM that’s all you need. Do you 
only have the rights to deliver a given property 
within the United States? There are DRM solu¬ 
tions that can block downloads by anyone with 
an IP address outside U.S. boundaries. 

If you're delivering a third-party’s content 
through your Web site, having a DRM system 
that meets your needs and those of the copy¬ 
right owners is absolutely essential. 

The Dark Side of DRM 

Now back to Dmitry Sklyarov. 

Digital distribution is an amazing thing. The 
business and legal necessities of accounting for 
those distributions are one of DRM’s principle 
aims, but a lot of that has nothing to do with 
copyright protection. My long detour through the 
practical, business, and legal aspects of DRM 
wasn’t meant to excuse or explain the excesses 
of the Digital Millennium Copyright Act, or to 
provide a defense for the DRM excesses that 
attempt to lock every i and o into an unbreak¬ 


able digital container. You could realize many of 
the benefits that I described above with DRM 
solutions that made no attempt to address copy¬ 
right violations. 

As sympathetic as I am to the need to 
preserve the public’s right of fair use, dealing 
with licensed intellectual property requires 
great care when using digital distribution 
methods. It may make strong copyright protec¬ 
tion an absolute necessity. If you’re both the 
copyright owner and the distributor of a prop¬ 
erty, then by all means, feel free to use, or not 
use, a copyright protection scheme. Give the 
property away for free, or just make it easy to 
copy. But when dealing with a third-party’s 
property, you have a good faith obligation to 
ensure that the creator receives full licensing 
agreement benefits. 

Think again about practical realities. You 
may have licensed a property for the U.S., but 
someone else may well hold a similar right for 
the rest of the world. If you deliver a property 
that can easily be copied, you run a substantial 
risk that the property you promised to deliver 
only to U.S. residents will be copied and trans¬ 
ferred through unauthorized channels to other 
parts of the world. Digital distribution is only 
as good as its weakest link. Even if most of the 
distribution channels have strong copyright 
protection technologies, their efforts could be 
for naught if one channel has adopted a weaker 
solution. This could very well result in liability 
to the original copyright owner. Licensing a 
third-party’s property brings with it an obliga¬ 
tion to protect that property and ensure that 
its value isn’t diluted. 

When Dmitry Sklyarov delivered his lecture 
on “E-Books Security—Theory and Practice,” he 
likely had little idea that he would soon be 
arrested, or become a cult hero to some 
Internet users and a villain to others. 

What he did, whatever his motivation, was 
break a particular business model. Book distri¬ 
bution is the perfect example of an industry 
that depends on third-party creators. No 
publishing house maintains a staff of 
employee authors. This is the very place where 
building a digital strategy onto existing distri¬ 
bution channels makes the most sense. 

Making Mr. Sklyarov face a potential jail term 
in a foreign land Is undoubtedly excessive, but 
that shouldn’t undercut the importance of 
DRM in aiding the growth of a new industry. 

X 

Bret is an /nte//ectual property and Internet attor¬ 
ney, and a partner with Hancock, Rothert & 
Bunsfioft. Contoct b/m at bret(a^lextext.com. 
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Traditional retailers and surviving dot-coms are increasingly reliant 

upon affiliate marketing to drive their Web sites’ traffic and sales. Pay- 
for-performance is the norm as companies use affiliate marketing to 
generate new business in the tough economy. 

Affiliate marketing is the performance-based process by which 
content Web sites are compensated for sending customers to merchant 
Web sites. A merchant’s banner, product information, or text link to its 
site is posted on an affiliate site. The affiliate is typically paid a commis¬ 
sion for each visitor who clicks through to the merchant site and fulfills 
an action. The performance-based cost-per-action (CPA) model rewards 
affiliate sites based on a percentage of sales or other criteria. Software, 
either on the merchant’s system or at an affiliate solutions service 
provider, keeps track of the traffic, sales, and sign-ups directed to the 
merchant’s Web site. While some merchants use this process purely to 
drive sales, others use it as a way to gain new customers, or build their 
mailing lists. 

How It Works 

The system works best when the affiliates are happy, meaning motivated 
and compensated. To have happy affiliates, you must put forth a solid 
offer and back that up with the people and tools to make it work. 
Merchants typically pay an affiliate between 5 and 15 percent of each 
resulting sale. These payments are most often made on a monthly or 
quarterly basis. If you want a functional system, you’ll be mailing out a 
bunch of checks each month, and you’ll be doing it with a smile. 

Affiliate marketing fails when either the merchant or the affiliate tries 
to take advantage of the situation. To start, you must not view it as free 
advertising. Wannabe branders beware, affiliate marketing is no substi¬ 
tute for conventional cost-per-thousand (CPM) advertising. With CPM 
advertising rates at an all-time low, you should be out looking for deals 
on premium space, rather than looking to ride on an affiliate base. 

Some of the biggest firms are guilty of this, and they unfairly offer affil¬ 
iates a 1 percent commission on a product that isn't likely to convert to 
an immediate sale. 

On the other side of the equation, unscrupulous operators have dealt 
a serious blow to CPC (cost-per-click) advertising. Click-through fraud 


(when dishonorable operators reload a page multiple times) has put a 
damper on the low end of that market unfortunately, and merchant 
options are now far more limited. While careful affiliate selection might 
have helped stem the tide, some of the biggest marketplaces have 
closed. ValueClick (www.vaIueelick.com) and Fastciick (www.fastclick.com) 
are notable exceptions to this trend. 

It isn’t protectionism to note that a huge amount of click-through 
fraud is generated overseas. The networks know this, and limit their 
exposure to it. 

Delivering ROI 

Affiliate marketing has huge potential, but you must use it appropriately 
to gain its full benefit, David Feng, Vice President of Corporate and Prod¬ 
uct Marketing at Be Free, encourages marketers to find a good fit. 

“There are so many ways to use the affiliate marketing dynamic to 
increase revenue—from private programs made up of specific reseller 
partners to using different compensation models for different segments 
of partners," he says. “Merchants need to develop the right program for 
their own unique business needs and goals. And it’s equally important 
to have the right tools and technologies to efficiently support the chan¬ 
nel you choose to build." 

Affiliate marketing works for a wide range of businesses. Retailers 
most often use a cost-per-sale model to drive product sales. For 
instance, Global Sports (www.globalsports.com), an operator of 
e-commerce sporting goods businesses, uses a commission-based 
schedule for the affiliate programs it administers for retailers such as 
Dick’s Sporting Goods, Fogdog, and the Sports Authority. 

Paying a fixed bounty to acquire new customers is also common. 
eBay is just one example of a bounty-based program; the online auction 
house pays affiliates four dollars for each new referred member. 
(Merchants sometimes offer a combination of commission and new 
customer bounty.) Financial institutions, such as NextCard, pay a 
substantial fee for each completed credit application. 

The return on investment (ROI) generated by an affiliate marketing 
campaign is governed by the amount you invest. Not surprisingly, if you 
start a program and fail to adequately staff it, your results will suffer. 
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while affiliate commissions will consume a portion of your ROI, 
these figures are largely performance based. The type of campaign, its 
level of success, and the commission schedule all play into this. 
Merchant programs surveyed in the 2001 Affiliate Metrix Report show 
that just 23 percent cost more than $5000 per month to operate (not 
including salaries). 

If you allocate the proper amount of resources and stay the course, 
you’ll earn the returns you seek. “The program I manage has two full¬ 
time employees and an occasional intern dedicated to running it,” says 
Shawn Collins, manager of the affiliate program for ClubMom, a New 
York City firm that was launched with the Be Free network. “This 
enables us to focus on engaging a larger percentage of the affiliates 
with educational initiatives, and creating more tools and methods for 
promoting our program. Subsequently, we've eclipsed the ROI of our 
traditional media buys, and the program has typically been responsible 
for 70 percent or more of the daily recruitment.” 

As CPM rates have tanked, merchants and publishers are considering 
more CPA deals, in which the affiliate is only paid when customers click 
through to and make purchases from the merchant site. 

“At the start, we were 100 percent media buys at a CPM, and then the 
affiliate program launched,” says Collins. “As time went by, the affiliate 
program gradually took a greater share of the budget and the burden.” 
The focus at ClubMom continued to shift from CPM buys to the affiliate 
program. As Collins explains, “these days, the affiliate program is the 
horse that pulls the cart, and media buys are a supplement.” 

“In a lot of cases, we’ve been able to work on a CPA basis with high- 
profile sites that previously would only accept a CPM,” says Collins. “For 
the most part, the shift has been predominately toward a mix of 
CPM/CPA, and I think this is the most reciprocal for all parties.” 

Despite these positive results, some businesses still don’t believe in 
affiliate marketing’s effectiveness. “We believe that the biggest hurdle 
continues to be perceptual,” explains Wendy Salomon, Vice President of 
Marketing at LinkShare, an affiliate service provider. “There’s still a 
perception in some quarters that an affiliate channel is a marginal 
marketing effort, and isn’t as important or deserving of as much atten¬ 
tion as a national advertising campaign, for example. However, as 
marketing budgets shrink, it becomes clearer and clearer that the affili¬ 
ate channel is the channel showing the highest ROI.” 

In-House or Outsource? 

while most companies outsource affiliate programs, some continue to 
roll their own. I asked two industry veterans why each would use an 
affiliate solution service provider rather than run the program in-house. 

“This was never a question for me,” explains Shawn Collins. “If we had 
built it, it would have been more expensive to start up, and it would 
have taken significantly longer to implement.” Familiarity with the terri¬ 
tory is essential. “Unless your tech crew has intimate knowledge of the 
technical and functional needs of an affiliate program," says Collins, 

“it’s bound to produce a system that’s inferior to one built by the 
experts who continually refine the solution providers’ technology,” 

Running an affiliate network in-house takes time and technical 
expertise. Affiliate solution providers, on the other hand, are experi¬ 
enced at tracking traffic, sales, and sign-ups, and do so on their own 
servers, taking the pressure off your IT department. Some higher-end 
solution providers even recruit affiliates for you. 

Start-up costs for outsourcing can run from roughly $1300 up to 
$10,000 up-front for the first-tier providers. Ongoing costs are typically 
based on a percentage of gross (say 2 to 3 percent) or total affiliate 


payout (more than 25 percent). While it’s possible to purchase affiliate 
program software for under $1000, the ultimate cost of implementing or 
creating a system in-house depends on individual business needs. 

Brad Waller, Vice President of Affiliate and Business Development for 
EPage, an online auctions and classified network, helped launch one of 
the first affiliate programs on the Net. Waller offers a different perspec¬ 
tive. “When you are responsible for every aspect of the program, you 
have full control. Along with this, you can have a program that is 100 
percent tailored to your needs, as opposed to fitting into some other 
technology. Most of these providers are really tracking services with 
added bells and whistles.” 

“Any company that’s capable of creating its own system can reap the 
rewards of having full control over their system,” says Waller. Custom¬ 
ization is one of the biggest draws. “There is no provider out there that 
could power our program. I’ve challenged them to come up with some 
way to work with us, and haven’t had a taker.” 

As EPage’s experience has shown, by rolling your own affiliate 
marketing solution you can tailor it to your company’s needs, maintain 
complete control over the network—including its costs—and make it as 
large or small as you deem necessary. 

The Players 

If you plan to outsource your affiliate marketing program, there are a 
wide variety of service providers (see the sidebar for more information 
on providers). 

The affiliate solutions market has been through much of the same 
turmoil as the rest of the e-commerce world. Over the last year, the big 
three—Be Free, LinkShare, and Commission Junction-each endured 
some belt-tightening. Affinia and Nexchange, two notable start-ups, 
closed shop. ePod, a rich media marketer with an affiliate hook (and 
funding from Macromedia) died out earlier this year. And even Microsoft 
isn’t immune to the marketplace currents. Its ClickTrade service, 
acquired with LinkExchange in 1998, just shut down after a long run. 

A bevy of additional firms operate in the affiliate services arena; a few 
notables are listed in the sidebar. While there have been several closures 
among affiliate marketing firms, mergers and acquisitions have been 
sparse. Look for consolidation over the next 6 to 12 months. 

Managing an Affiliate Base 

Effective affiliate base management is crucial to your success. You can’t 
just start up an affiliate program and hope to have it run on auto-pilot, 
it must be actively managed. Affiliate service providers often leave it up 
to the client to manage the program. Quite frequently, however, clients 
don’t have the expertise to optimize revenues or results. Ongoing 
management and recruitment are also key issues. If you would prefer to 
use an affiliate providers network, but want someone else to recruit 
your affiliates, some providers offer program management for an addi¬ 
tional fee. Performics even includes management in its fee, which is 
purely performance based. Having a small number of affiliates helps 
make this approach practical. 

However, if you still plan to roll your own, the following tips from the 
experts can help you find and maintain a successful affiliate base. 

Shawn Collins has used several methods to recruit potentially high- 
performance affiliates for ClubMom. He has spent plenty of research 
time with the search engines, checking keywords and contacting the 
most relevant sites. He regularly consults the Media Metrix Top 500 
list and he recently started using the Internet Success Spider 
(www.affiliatemanager.net/spider.htm). 
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EPage uses a low-key approach to affiliate recruitment. “At the 
moment, they are finding us," says Brad Waller. “We haven’t done any 
paid advertising for over six months and we still have about the same 
number of affiliates coming to us.” EPage puts a “Powered by EPage" 
link at the bottom of each affiliate site it hosts, and it has discovered 
that satisfied affiliates will refer others. 

To be sure, there’s a movement afoot to end the reliance upon mass 
affiliation. Many affiliate program managers are trimming the fat. 
Managers are dropping inactive or non-performing affiliates so they can 
apply more resources to affiliates that are carrying their own weight. 
Collins says that he’s in the process of reducing ClubMom’s 8500-member 
affiliate program down to 5000 members. He’s dropping the inactive 
affiliates—those folks who joined and never bothered to put up links. 

Conversely, Brad Waller is wary of eliminating low performance affili¬ 
ates. He has found that it’s often more work to find and remove these 
affiliates (and tell them they’re gone), than it is to let them stay. “You 
never know when one of these affiliates will turn into a top performer," 
he says. “We had one affiliate who did nothing for months. All of a 
sudden, she had a $60 check. It kept growing from there. What 
happened? She graduated from college and decided to start promoting 
her Web site. She has been a consistent top-performer since then.” 

But low performing affiliates can also provide you with an opportu¬ 
nity to learn and refine your approach. “These affiliates will teach you 
what affiliates are looking for in a program. Learn from them, as well as 
from your top performers, and you can keep your program one of the 
most attractive in this crowded market,” says Waller. 

The Lines are Blurring 

There was a time, not so long ago, where CPM sat on one side of the 
fence and CPA sat on the other. The CPM model was embraced at 
the dawn of Internet advertising because it was easy to compare to 
other media. Those days are over. As you mull over the options in this 
crazy new world, here are a few developments you must consider: 


Be Free, the only affiliate service provider to achieve an IPO [not to men¬ 
tion a follow-on offering) opened the doors to the barnesandnoble.com 
program in the summer of 1997. While Be Free has shed a good number of 
dot-bomb clients since the start of the downturn [as has the competi¬ 
tion], it replaced these with big name companies like America Online, the 
Gap, Gateway, and Hewlett-Packard. 

LinkShare lays claim to one of the longest running networks, and gener¬ 
ates a whopping level of traffic and sales. The company was founded in 
1996 and quickly jumped to the forefront of the affiliate service provider 
market with its consolidated reporting functions. LinkShare clients 
Include AT&T. ISOOFlowers.ccm, OfficeMax, JCPenney, and Priceline. 

Commission Ounction sprang to life in 1998, with a distinctly mom-and- 
pop client base. Over the years, the company has expanded rapidly, 
acquiring sizeable clients in both the online and offline space. 
Commission Junction clients now include eBay, Yahoo, USA Today, and The 
New York Times. This firm scores points with both affiliates and mer¬ 
chants for its innovative features—such as consolidated payment and open 
reporting of metrics. The company has recently drawn heat, however, for 
raising rates and eliminating all CPC programs. 

Pepformics strode quietly onto the scene in 1998 as Dynamic Trade, tar¬ 
geting a distinctly non-dot-com clientele (with the exception of notables 
like online grocer Peapod and florist Proflowers.com). Performics clients 
are largely well-known catalog and direct marketers, which include Bose, 
Eddie Bauer, Hammacher Schlemmer. JC Whitney, Orvis. and Spiegel. 


Hybrid Model. The affiliate marketing field is quickly moving toward a 
hybrid model for the best properties. Blended deals, where affiliate 
revenues are added to a guaranteed CPM rate are becoming more 
common. As Collins notes, publishers have come around to accepting 
CPA, at least in part, due to the precipitous decline in CPM rates. 

Dynamic Performance Targeting. Fastclick uses this method to place 
merchant ads on the highest producing affiliate sites. “We will price a 
campaign based on whether it meets the objectives of the advertiser,” 
explains Jeff Hirsch, Chief Sales and Marketing Officer for Fastclick. 

Consolidated Reporting. Affiliates love the consolidated reporting they 
receive from affiliate solution providers. Seeing all of their network 
results in one place is an efficient way to monitor the program’s 
success. AffTrack, a fourth-party facilitator, even provides power affili¬ 
ates with consolidated reports across networks. 

Da What Works 

It’s time to shed outdated, unprofitable models. "Performance market¬ 
ing used to mean driving traffic. Performance marketing now means 
driving business,” says Hirsch. 

As marketers focus increasingly on top performing partners, it’s a 
safe bet that commission tiers will become more prevalent. “Top affili¬ 
ates will be in a better position to command higher commissions, 
because of the audience and conversions that they bring to marketers," 
says Bergin. “You could argue that ultimately, the strong will get 
stronger and the weak will get weaker." 

You want success? Never mind that old business plan. Do 
what works. >< 

Daniel (www.geekbooks.com) is the author of The Complete Guide to 
Associate and Affiliate Programs on the Net (McGraw-Hill), as well as a 
host of other books on graphics- and Internet-related topics. 




Performics runs tightly managed programs on a purely performance basis 
and offers a unique, full-service account management component that’s 
Included in the standard performance fee. 

Performics provides all of the affiliate management services in-house, 
removing the burden from the merchant. The company selects and man¬ 
ages each affiliate. While affiliates can initiate contact, Performics is 
very choosy. Recruitment typically happens at the request of the client, 
and Performics often scouts out potential affiliates, as well. 

Fastclick, an up and coming ad serving network, feeds banner and pop- 
under advertising to 4500 hand-approved sites. The company lets advertis¬ 
ers create blended campaigns, basing payments against sliding scales 
that use both CPM and CPC rates. The potential for click-through fraud is 
avoided through careful selecticn, 

Fastclick started small, and has run largely under the radar. Its revenue 
stream is largely performance-based. Clearly, with just eight employees, 
the start-small logic has paid off. 

A few more affiliate services that are worth investigating are: 
AffiliateShop {www.affil1ateshop.com}, ClickBank (www.clickbank.com), 

ClicKXchange (www.clickxchange.CDm). My Affiliate Program (www.myaffili- 
ateprogram.CDm), PluglnGo (www,plug1 ngo.com), and Quin Street 
(www.quinstreet.CDm). 

-DG 
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PRODUCT 

REVIEWS 


Verifi and E-Color 
Solutions 

Imation and E-Color 
www.imation.conn and 
www.ecolor.corn 

Contact vendors for pricing. 


What Your Customers See 
Even before the Web, accurate color reproduc¬ 
tion had long been a goal of the graphics and 
imaging industries. The e-commerce industry 
served as the catalyst for bringing accurate 
color display to the Internet user’s browser. 
Various studies and surveys by market research 
firms indicate that discrepancies between what 
the customer sees and the actual product sold 
account for a large percentage of e-commerce 
returns, undermining consumer confidence in 
online commerce. Faithful color reproduction 
would be a boon to the Web overall, benefit- 
ting academic and artistic endeavors in addi¬ 
tion to commercial ventures. 

Inherent Problems in Color 
Rendering 

Every input and output device has peculiarities 
in how it perceives or displays color. Different 
monitors, video cards, even room lighting, 
cause colors to be perceived differently. A 
certain monitor may emphasize blue hues 
more, or a particular scanner might produce 
greenish scans. Variations also occur between 
different units of the same product. 

The solution, then, is to calibrate each 
individual device and create a profile of its 
color characteristics. The International Color 
Consortium (ICC) profile specification pro¬ 
vides an open standard for sharing color 
profiles across applications and platforms, 
and is already in widespread use among 
graphics professionals. Color engines like 
Apple’s ColorSync account for the profiles of 
the image source and the target device, and 
adjust the colors so they display accurately. 
Returning to the example above, the color 
engine might tone down both blue and green 
when displaying a scanned image on the 
monitor, to compensate for the color biases 
in both devices. 

The obvious way to bring managed color to 
Internet users would be for browsers to 
support color management, letting a color 
engine transform an image before it displays. 
But current browsers don’t support color 


management, and 05-level support is uneven. 
Additionally, ICC profiles can range in the 
hundreds of kilobytes, an undesirable payload 
to attach to each image file sent over the wire. 
The image server products reviewed here, 
Imation's Verifi and E-Coior, extend color 
management up to the Web server. Dedicated 
image servers with built-in color engines 
compensate for each users’ display specifica¬ 
tions and render precorrected images back to 
the browser. 

How They Work 

Both E-Color and Verifi work in a remarkably 
similar way: end users are prompted once to 
run a Web-based applet that determines the 
calibration of the users’ monitors. Users have 
to squint at a series of images and choose 
matching areas of color. Both calibration 
applets then store a cookie on the user’s 
machine, to be retrieved by sites that use the 
respective systems. The cookies are very 
small, and aren’t full blown ICC profiles. When 
the user’s browser requests an image, the 
image server retrieves the calibration cookie 
from the user, dynamically transforms the 
image to compensate for the user’s display 
characteristics, and sends the corrected image 
to the user’s browser. The user only needs to 
run the respective Web-based calibration apps 
once and keep the resulting cookie. Both 
systems offer colorful icons that users can 
place next to images to indicate that the 
images are accurate and color corrected, or 
that merchants can use to invite site visitors 
to run their calibration applets. Both com¬ 
panies offer consulting services to whip their 
clients’ graphics creation processes into 
shape, and to remain buzzword compliant 
with their own investors. 

Accurate Web Color 

Verifi’s solution consists of two server compo¬ 
nents: Verifi’s own server, which calibrates 
the display, profiles the client, and creates the 
cookie; and the client’s servers, which trans¬ 
form and serve the image to the browser. Verifi 
licenses its software on an annual subscription 
basis, and bases its prices on a tier system. The 
cost to each client depends on the number of 
color-corrected images it uses. 

E-Color 

E-Color’s Web color management system 
comes in two flavors: Enterprise Imager, and 


True Internet Color. Enterprise Imager is a 
traditionally licensed server application that’s 
installed at the customer's site. True Internet 
Color is the ASP variant. E-Co!or’s servers han¬ 
dle its image transformation and delivery, and 
its customers are billed based on how often 
they use it. If the end user hasn’t bothered to 
calibrate his or her display and create a cook¬ 
ie, E-Color applies a default correction based 
on a statistically average display profile. 
Needless to say, such a correction won’t help 
those who need it most. Both Enterprise 
Imager and True Internet Color are essentially 
bundled with additional functionality; they let 
end users zoom and pan around an image, as 
in Mapquest. 

The server dynamically generates new views 
as requested. This capability is somewhat unre¬ 
lated to color correction, but the image server 
is a logical place to perform both duties. This is 
definitely a big plus if you need that sort of 
image viewing capability on your site. 

Encourages e-Commerce 

Is color accuracy the final piece of the online 
commerce puzzle? Many vendors insist that 
it’s the one thing that has been holding Inter¬ 
net retailing back all along. Both Verifi and 
E-Color cleverly solve color management's “last 
mile" problem in an innovative way. Little is 
demanded of the end user: with either system, 
the user sets up once (for each) and lets the 
system go about its business. The images on 
any site that uses EColor or Verifi are automat¬ 
ically translated when you access their site. 

The “last mile" problem in color manage¬ 
ment may also be solvable by other, more 
direct, methods. Apple has proposed additions 
to the W3C HTML specification to let browsers 
download abbreviated source profiles, either 
embedded in the image, or separately pack¬ 
aged in a manner similar to style sheets. If a 
site can standardize a source profile for all of 
its images, the overhead of downloading a 
profile will be negligible. If display calibration 
could be handled at the OS level (as it already 
is in Macs), correction would automatically 
take place without having to set a calibration 
profile for each competing, server-based, color 
correction system. It remains to be seen 
whether this browser-based approach will 
catch on. It’s potentially a lower-cost solution 
that will make managed color more accessible 
to the masses, and feasible for online classified 
ads and non-revenue producing applications. 
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This method won't work on the vast major¬ 
ity of the currently installed computer base. 
Uptake will be slower, which is OK for your 
personal photo album, but not if your busi¬ 
ness depends on accurate color immediately. 

It will be interesting to see whether EColor 
and Verifi will adapt to future developments. 
For example, perhaps the system might check 
the client browser to decide whether to cor¬ 
rect the image at the server or to send the 
browser an uncorrected image with a source 
profile. 

E-Color and Verifi are extremely similar 
technologies, right down to the calibration 
applets. They differ from each other mainly in 
their pricing structures, which seem to have 
elements of “let us size you up and guess how 
much you’re willing to pay.” Don’t forget the 
costs of integrating either solution with your 
current color management system, or imple¬ 
menting one from scratch. But if your online 
business sees a significant number of wrong- 
color returns, or otherwise depends on faith¬ 
ful reproduction of images, you should take a 
look at these products. 

—Charlie Cho 


ShoMaster 

ShoWiz 

www.showiz.com 

Contact vendor for pricing. 

Scenario-Based Personalization 

Existing online personalization solutions for 

your Web site assume that you know exactly 
who your site visitors are. That is, when a visi¬ 
tor enters your site, scripts are triggered to 
pump out dynamic welcome messages or some 
other sort of personalized content. Sites like 
Amazon.com use this type of personalization 
technology. 

ShoMaster. from ShoWiz, is a hosted person¬ 
alization service that provides scenario design, 
management, and deployment. This serves as 
an alternative to other kinds of personalization 
tactics that involve rendering content based 
on visitor identification. Scenarios are predeter¬ 
mined, business-rules-driven sequences of 
events. You can use scenarios to determine 
when and how to proactively render specific 
content to site visitors. Each scenario may also 
contain subscenarios, for granular control of 
dynamic, personalized content rendering. 

Because scenarios and past and current visi¬ 
tor interaction with the Web site determine the 


content, there’s no need—or attempt made— 
to identify each visitor’s exact identity. With 
scenarios, you can determine your visitors’ 
needs and interests proactively, anticipating 
their needs and preferences, in real time. 

ShoWiz was founded in 1999 as a streaming 
media solutions provider for retailers, radio 
stations, and event organizers. Its streaming 
service, called ShoStreamz. is often used in 
conjunction with ShoMaster for effective 
streaming video and audio usage online. 

Contextual Rendering in Action 

For a concrete example, let’s look at how a 
ShoMaster-enabled e-commerce site works. Say 
a visitor logs on, scrolls to a specific item, 
researches the description, and then clicks on a 
detailed view of the product. The visitor adds it 
to his or her shopping cart, and then abandons 
it. When the visitor returns to your site, you 
can specify that the system display a special 
coupon for the product that the visitor previ¬ 
ously abandoned. 

Or, if a site is designed to serve an ad dis¬ 
counting one of your products, but a visitor is 
researching the product or product line for 
awhile and ultimately decides to purchase the 
item, you can opt to not show that ad at all so 
you don’t cut down on your profit margin. 
Dynamic pricing is also supported, so if your 
visitor seems inclined to purchase a given 
product, you can give the item a slightly 
higher price or offer the customer a discount. 
When a visitor completes a purchase order, he 
or she must typically enter a street address. 
After you have this information, you can 
arrange it so that when the visitor returns to 
your site, the site displays a link or coupon 
to an offline store near to where this cus¬ 
tomer lives. In this way, you can channel 
online sales contacts into offline sales. 

For content sites, such as a financial/online 
trading site, you can serve up specific video 
footage based on a stock symbol that a visi¬ 
tor selects. Or you can show related links, 
news feeds, and even banner ads based on 
the URL that the visitor linked to during her 
last visit. 

Inside 

To design a scenario for contextual dynamic 
content rendering, set up specific portions of 
your site with the online GUI. a JzEE compli¬ 
ant Java applet. You can integrate the GUI 
with any CMS that’s browser compatible, 
which in effect, encompasses all solutions. 
(ShoWiz plans to integrate a CMS with the 
GUI in the near future through a partnership. 


Brand new service^! 

unpnisjctabil^;;^^ 
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though it isn’t solidified at the time of this 
writing.) 

The GUI features an Explorer-like view on 
the left of various elements, such as banner 
ads and coupons, that you want to render 
based on user context. The right side provides 
click boxes and drop-down menus that let you 
add various rules to each context, such as the 
duration of an ad or which generic Web event 
will trigger the elements’ rendering. The inter¬ 
face is clean and intuitive; the timeline view 
for the scenario is particularly helpful in 
understanding how an actual customer might 
interact with the site. 

As a hosted service, the scenarios you design 
are attached to your Web site with the GUI- 
generated HTML code, so it doesn’t affect your 
Web infrastructure and bandwidth. Because 
ShoMaster allows specific Web site elements to 
be scenario-driven, you don’t have to worry 
about rearchitecting existing Web elements 
like ASP, animation, and media players. The 
generated HTML code is a click away, so it’s 
easy to tweak and debug, customize, and add 
images and other multimedia files. 

Please note that at the time of writing, the 
service had only been launched for a month 
and half. However, ShoWiz had a number of 
clients, such as Black Radio Exclusive maga¬ 
zine {www.bremagazine.com), which were in 
the process of converting site channels into 
ShoMaster-enabled sites. Yet, I’m intrigued by 
the granular control it offers for delivering 
proactive content for visitors. Not all con¬ 
sumers enjoy fast Internet access, and with 
the advent of thin clients such as set top 
boxes, it’s becoming critical to serve content 
that’s immediately appealing to your cus¬ 
tomers. Even for a corporate intranet, enabl¬ 
ing ShoMaster on a site will help you serve 
your users better simply by anticipating their 
needs and rendering the content suitable on a 
granular level. 

—Charlie Cho 

Charlie is an independent consultant living in 
San Jose, CA. Email him at chor/fe^cheoux.com. 
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Molly E. 
Holzschlag 



Encouraging designers to think like programmers will shorten project 
life cycles and produce more innovative work. 


Designers vs. Programmers, 
Calling ..a Truce _ 



The “personality gap’* between programmers and 

designers is really a matter of perception. Unfortunately, 
the idea that artists only design and techies only program 
limits the productivity of today’s Web teams. 

Our education often teaches us that we are either creative 
or scientific, and never the twain shall meet. Employers 
extend that model, separating artistic duties from technical 
tasks. But how employees identify themselves significantly 
impacts the production process. Pigeonholing them isn't an 
effective way to produce quality work. 

Changes in Web technologies—especially the shift toward 
XHTML and XML—are forcing designers to think more like 
programmers and vice versa. This has created a growing 
movement to redefine and refine working roles. A recent 
conversation on Simon St. Laurent’s XHTML-L list inspired a 
stream of fascinating posts from list denizens. The discus¬ 
sion centered on personality types, how specific personali¬ 
ties approach problems in their design and development 
work. The thread got me thinking. 

The Problem with Stereotyping 

The transition from HTML to XML via XHTML has made Web 
markup more abstract. This presents a challenge for designers 
who don't know how to work with conceptual markup. In the 
tradition of the debate over open source versus proprietary 
platforms, passionate feelings about markup are emerging. 

XML is now strongly entrenched in both the present and 
future of Web design, and that has gotten designers’ atten¬ 
tion. XHTML forces them to think more like technologists if 
they expect to keep their jobs, and that’s a good thing. 

However, work teams have historically functioned by 
distinguishing roles. Designers are responsible for graphics, 
while programmers and developers produce code and func¬ 
tionality. This separation appeals to managers for numerous 
reasons: personality difficulties, rapid application develop¬ 
ment belief systems, and the need to delegate tasks effi¬ 
ciently. This model works, but integrating the components 
at the end of the process is time consuming and unwieldy. 

There’s little or no real communication between team 
members who work by strict task guidelines. Separation 
inhibits our individual and contributory strengths. How can 
I, as a designer or programmer, ever be given an opportu¬ 
nity to link programming concepts and design concepts 
effectively if I’m segregated from my team members? As a 
result of this separation, we lose potential innovation. 

More Similar than Different 

Steven Champeon, respected speaker, writer, and CTO of 
Hesketh.com/inc., points out that there’s as much creativi¬ 
ty in programming and technology as in design. 


“Programmers aren’t creative? Designers aren’t serious? 

] Please. Programming is as artistic an activity as playing 
I with colors and shapes," he says. “Just because program- ; 

■ ming isn’t primarily visual doesn’t mean it’s not creative or ' 
artistic. Sure, you do have to be conscious of the rules of 
; syntax, but any halfway decent designer who doesn’t take : 

' the constraints of his or her medium into account isn’t i 
j doing design-they’re just playing with colors and shapes." I 
I Champeon favors a broader perspective, “Please don’t | 

! perpetuate the silly split between visuals and hard core ’ 

I techies any more than is necessary.” ! 

I He has a point, and it’s an enlightened one. It’s rare to j 

; hear that design and programming are similar activities. , 

! After all, as I’ve mentioned, Western education divides j 
; people into one of two camps: liberal arts, or science and | 

] technology. We are, from the earliest points in our educa- j 

! tion, encouraged to follow our strengths rather than chal- ' 
lenge our weaknesses. By the time we start working, we’ve i 
I been successfully pigeonholed as a creative type or a techie, i 
I If we actually look at what design and programming I 

i require, there’s a lot of overlap. Both are acts of creativity ! 

I and precision if you’re doing them well. Both require a range j 
' of skills. Whether you’re designing or writing a program, a | 

I group of peers oversees your production process. : 

j Pulling colorful order from design chaos is no different j 
I than making logical, bug-free programs from the same | 
i chaos. Designers must not only understand color, shape, ; 

' space, and typography, but also how to use complex tools \ 

! to achieve results. Similarly, programmers must understand j 
! the component parts of programming as well as a range of i 
' tools. A well-written program is as elegant as a well- I 

1 designed visual composition, in essence, designers and j 

i programmers do the same things contextually, the content 1 
: is the major difference. | 

j I 

iThe Need for Hybrid Employees i 

' Not only is stereotyping employees a detriment to the work 
I we output, it also undermines the needs and goals of team 
i members. Many people working on Web teams are already j 
finding that they like sampling different tasks from both j 
the programming and design sides. i 

: “I used to work at a Web agency," says Nick Finck, editor ■ 

I and publisher of Digital-Web magazine. “! left because they | 
! didn’t allow me to express my true interests; hybrid devel- | 

; oper/designer.” People with diverse talents, Finck contends, 
i are the “only hope for finding someone who knows both 
i good design as well as what is conventional with markup. 

We need more hybrids in the world.” 

! The hybrid concept that Finck mentions is critical. The way i 
I we work today is more streamlined than the way we worked 
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a bit earlier in the Web’s evoiution. But, for now, 
hybrid personalities seem to be rare. When I 
meet someone who Isn’t intimidated by either 
programming or design, it’s usually someone 
who got started in the online industry very early. 
This is because most businesses structure the 
workflow in a way that limits employees. Giving 
employees a rigid job structure may make it 
easier to find the right person to blame when 
something goes wrong, but it’s not conducive to 
producing the best end product. 

Of course, there are those who disagree. 
James Eberhardt, Team Lead for technology and 
development at Infinet Communications, says. 
You let designers design, and programmers 
program, then each of them will perform their 
task at a higher level than if they had to do 
both. The end product will be superior.” 

But is that true? No. How many times do 
people knock heads, make unreasonable 
requests, waste each other’s time with fruit¬ 
less arguments that wouldn’t have had to 
occur if they better understood the other 
person’s position? 

Savvy project managers who’re interested in 
rapid site development and deployment can 
use employees’ individual strengths to advance 
that end. In fact, project managers spend most 
of their time translating program limitations to 
designers and vice-versa. This places the onus 
of effective team management and quality 
results on a single person. It’s a simple model, 
but not an effective one. Let individuals work it 
out and give them a sense of responsibility— 
and ultimately pride-in the combined effort. 

Encouraging Multiple 

Interests 

If there’s a split between designers and 
programmers in the workplace, that rift can 
delay completion of project goals. Even if you 
add a good project manager to the mix, the 
separation means that an awareness of prob¬ 
lems, limitations, and general concerns have to 
be communicated through a second party. 

Let’s take an imaginary case in point. The 
designer on our fictitious team is working in 
Photoshop, generating images for an approved 
composition. But the programmer has been 
told that certain portions of each page need to 
be dynamically updated. Looking at the design 
together, the programmer and the designer can 
easily solve problems that might arise before 
generating the graphics and code. But, if they 
just have their individual specs and follow 
them, the debugging occurs after the fact, and 
in some cases that means redesigning the 
whole approach. 


If the project had begun with everyone 
working together in a round-table fashion, the 
problem might have been avoided. What’s 
more, when all working members of a Web 
team educate each other about limitations, it 
saves a great deal of time and money. 

In this scenario, the manager’s role shifts 
from one of total responsibility to one of 
management and support. He or she can now 
focus on encouraging development of hybrid 
skill sets so that team members can communi¬ 
cate even more effectively, instead of chugging 
along separately and trying to cram everything 
together on deadline. 

If the manager works to integrate employee 
skills and support hybrid personalities in roles 
most suited to them, he or she can create a 
production process that really involves team¬ 
work and uses each team member’s talents to 
the utmost. 

But managers often crush hybrid potential 
without even knowing it. This usually happens 
because the manager in question is unaware of 
an individual team member’s thoughts about 
the production process. 

Talk to your team members and find 
out what each individual perceives as his or 
her unique strengths and interests. Think 
about the personalities of your team and 
encourage them to communicate their ideas 
without limiting themselves to a particular 
job designation. 

i 

f 

A Better Way to Work 

The scarcity of hybrid personalities is due in 
part to education. Add to that a workplace 
tendency to keep the design and technology 
departments separate, and problems arise with 
communication, streamlining the work 
j process, and of course, innovation. 

Alan Richmond, who was an original creator 
of the awesome Web Developer’s Virtual 
Library and now publishes Encyciozine sums up 
this idea very eloquently: 

“A good site isn’t built only by brilliant 
programmers, or by talented graphic artists, or 
by lucid content authors, or by insightful ? 
managers. It will be built by their synergy, each ’ 
one respecting the contributions of the others, 
and feeding off it for the inspiration for their 
own creativity. Building the Web is a collabora¬ 
tion at all levels." >< 


An outhor, instructor, and designer, Molly has 
written and contributed to numerous books 
about the Internet and the Web. Visit her Web site 
at www.molly.com. 
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At Hostway, hosting busing. ^ 
Whether you need a web site, an online 
store or dedicated server, we have the tight 
solution for you. Hostway is consistently 
ranked at the lop of web hosting providers 
because we are the best at what we do - 
delivering reliable, affordable web hosting 
with a level of dedication and 24/7 support 
unmatched by others. 

It’s not surprising that over half 
of our customers are referrals 
from existing customers. 

Don’t settle for anything less than the best - 
we’li give you the ‘prime cut’ in hosting 
every time, all the time. 


Gold Plan ■ te 
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Sign up today and get 
Free Setup! 

WWW. hostway.com/promo/webtech 


Toll Free 1.800.397.2449 

sa le s@ h ostway. com 

WWW. ho St way, CO m 



The Hosting Company ^ 
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Domain Name 
Registration 


Additional Domains 
k V (Windows 2000) 


Additional Domains 
(LINUX) 


/month 


/month 


Microsoft 

SharePoint 


Discounts! 


Shopping 

Cart 


aitcom.net 

sales@aitcom.net 


Secure Digital 
Certificates , 


Dedicated and Co-locaticn Solutions 
ASP Hosting Solutions 


No Setup Fee If Switching From A Competitor 


tsundard Ac^.nts) dr $7S/mor.td (dl«s Accounts:, 


HOSTING 


Advanced Internet Technologies 


'AIT'S unique & powerful Virtuaf Server Technology (VSTJ gives you ihe compedlive edge' 
"Includee lots of FREE standard features you can RESELL* 


FREE Domain Name Registration 
www.y ou rcompany. com 
TOLL FREE Technical and Billing Support 
Dedicated IP Address on VST 
Sg.9% Network Uptime Guaranteed 
30 Day Money Back Guarantee 
Unlimited Hits 

Application and Ecommerce Hosting 
Ecommerce Enabled and Ready 
Secure Credit Card Processing 
' Redundant OC12 & DS3 Backbones 
I Redundant Cisco 7000 Series Routers 

> On-Site UPS & Generator Backup 

• Your Own FTP Directory 

> Your Own CGI-BIN 

■ Access to all config flies 

• Unlimited POP Email Accounts 

• Unlimited Email Forwarding/Aliases 

• Unlimited Email Autoresponders 

• Anonymous FTP 

• Password Protected Directories 

• Easy to Use Control Panel 

• Online Billing Status 

• Real Time Ticket Support System 

• Webalizer Statistics and Log Files 

• Daily Tape Backups/DataVault 

• MS FrontPage^Extenslons 

• FREE Marketing Newsletters 

• FREE Park Domains 

• FREE SSL & PGP* 

• FREE CGi/JAVA Libraries 

• FREE AIT Mail Listing & PAL 

• FREE MCart Webstore / Shopping Cart 

• FREE Guestbook & ChatRoom 

• FREE Customer Support Queue 

• Telnet Access - SSH Access 

• mSQE and MySQL Database Support 

• Real Audio/Video capabilities 

• MacromediaT Adobe* NetOt^ects Fusion" 

• MCPS? CyberCash* Payment Nef 

• eToolS Office Suite - chat, wab Band Email 

0BS. Awctiort, CalenddFr Batirter e3w;harige 

• WAP Enabled (Wireless) 

• FREE Search Engine Submission 
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Virtual 
Sorver 1 

Virtual 
Sorvor 1 

Virtual 
Server 1+ 

Virtual 1 
Server 3 [ 

Virtual i 
Server 3+ : 

Win2K 

Powcrsite 

W1e2K 1 
Reseller ;| 

j Disk Spisce {can be custamiztHj) ' 

155 MB ' 

300 m 

140 MB 

700 MB 

----—^—■—i 

720 MB 

155 m 

350 MB 

- ----———— -—-- 

1 Max # 01' {JosTiakns you can host 

N/A 

25 

25 

75 i 

75 

N/A 

25 

!" Base Moithtv Server Cost 

$16,95 

S59.95 ' 

^ $89.95 

$149,95 j 

$199,95 

$16.95 

$89.95 

Max^ per d-orrain cost ^ $2.00/e)Ofnain/mo i 

N/A 

rTso.oo 

$50.00 

$150.00 

P $150,00 

j—■ -^ 

N/A 

$125.00* 

Max. possible cost to you/ month 

$18,95 

r7l099S 

$139,95 

1 $299.95 

[ £349,95 

sia.95 

$214.95 

Yoor moTtbly gross profit @ $19,95 <101713(0 


|'$49a.75 ; 



$1,496.25 


$49S.7S [ 

YoS^OfitNy net profit re;setifrtg hosbpg : 

N/A 1 


' $3S8.aO J 

1 $1,196.30 ^ 

$1,146.10 ■ 

N/A I 

$203,SO f' 

■ . i , r-r - 1 - -- - - - -- 

APdttionAl Prom; Resell Eng AH Extras*' 

N/A 

[$1,250.00 

$1,875,00 

1 $3,750,00 

ssMsm 

N/A 

$1,350,00 

ToU! Honttiiy Profit 

H/A 

j $1,618.80 

$2,233.80 

j $4,946.30 

$6,771.30 

N/A 

$1,513.80 1 


































































People need to share their ideas, opinions, and knowiedge online. Just 

look at all of the people who write lengthy book reviews on Amazon, I’m 
sure not one of them is thinking, "It’s very important to me that 
Amazon sells more copies of this book.” Instead, they’re thinking, “I 
really loved this book, and I want everyone to know it.” 

Giving these people the ability to talk to each other on your site can 
benefit your enterprise. Not only are you empowering your users to help 
each other, but you’re also getting a front row seat to the questions 
people ask about your product or service. Companies used to have to 
pay for that kind of thing—it was called focus groups. 


Story 

Many sad stories begin with “it was 3 a.m.” This. I suppose, is mine. 

It was 3 a.m. when I decided that I needed Japanese installed on my 
Mac. It’s not as crazy as it seems. A Japan-based visitor had volunteered to 
translate some of the content on one of my sites into Japanese, so I said 
“why not?” If you start trading email with people on the other side of the 
world, you wind up sending a lot of email in the early morning hours. 

When he sent me the Japanese content that morning, I realized I 
would need Japanese installed on my computer if I was going to see it. 


online 

resources 


doing it right 


Not that I’d be able to read it, but it’d be a comfort to know it wasn’t 
just a long string of question marks before I put it on the live server. 

So in went the install disc, click went the mouse, and bong went the 
Mac (I had to restart—it is a Mac, after all). After the computer rebooted, 
I looked at the Japanese pages. They were beautiful. Indecipherable to 
my eyes, but beautiful nonetheless. 

As I was closing my Web browser, feeling very pleased with myself at 
how easily all of this had transpired, I saw it: A little U.S. flag icon at the 
top of my screen next to the date. It was as if my computer had devel¬ 
oped some kind of guilt complex now that it had more than one 
language installed and felt the need to assert its American pride. 

Maybe it was the fact that it was now 330 a.m., or maybe it’s 
because I’m a bit of a design freak, but that little flag icon really bugged 
me. I set myself to the task of purging it from my screen. 

I removed extensions willy nilly, slowly sacking my system. When 
that didn’t work, I used the Uninstall feature on the CD. When that 
didn’t work, I did something I almost never do, I went looking for help. I 
put my hands together, gave a short prayer, and visited apple.com. 

What happened next was so perfect, I have to tell you about it click 
by click. At the top of Apple’s home page was a tab called Support. 


Three companies that 
have tamed the wild 
Web and created truly 
useful user-based 
support communities. 


Apple Discussions 
discussions.info.apple.com 

Easy to navigate, convenient searching, and handy 
bookmarking all make this site stand head and shoulders 
above the rest. What does Microsoft do? Shove you into 
Usenet. While that may make sense for the Net-savvy 
developers, my mom sure wouldn't do well there. 

Adobe User to User Forums 
www.adobe.com/support/forums 

Classy design and powerful tools separate Adobe from the 
rest. They also go a long way toward fostering community 


In the forums, adding Featured Hosts and the Guest Spot 
Forum where visitors can “talk with special movers and 
shakers in our community.” 

AVS TiVo Forum 

www.tivocommunity.com 

The passion the users show for their beloved TiVos on this 
site more than makes up for the cheesy icons and spotty 
toolset. This is the central hub for all things TiVo. 
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click. On the Support page there was a link that said Discussions. At 
this point I was thinking, “Hey, I bet someone else has had this prob¬ 
lem.” Click. On the Discussions page, I selected Mac OS 9, because 
that's what I was running, and all of this started when I installed some¬ 
thing from the OS 9 disc. Click. 

On the Mac OS 9 page, there was a clearly labeled search box: Search 
Mac OS 9 Discussions. 1 clicked my cursor into the box and paused. 

What to search on? In desperation, I typed “flag icon." Click. 

The second entry on the results page was like manna from heaven (see 
Figure 1). Someone named Kam Cheng had already had my exact problem 
and posted, "Do you know how to get rid of the little flag icon in the 
menu bar? It doesn’t go away after the language kit’s uninstallation?" 

Kam Cheng, you are my new best friend. 

One click on Kam’s subject and I found the answer to my prayers. 

Don Archibald, represented by a small cat icon, had already answered 
the question, "Go to the Keyboard control panel. In the scrolling list of 
keyboards, reduce the selected keyboards to just one-the one you are 
using. The flag (the keyboard menu) should then disappear, because 
there are no choices to be made. Good luck,” 

Now, why didn’t I think of that? 

As 1 happily followed the advice posted by Archibald, I marveled at 
the whole exchange. I’d found the answer to an obscure technical prob¬ 
lem, a problem I couldn’t solve after several hours of banging my head 
against the keyboard and more bonging restarts than 1 ever want to 
hear again, and it only took five clicks. At B 3 -m. 

Here’s the kicker: Don Archibald doesn’t even work for Apple. 

Support Communities 

In an email conversation we had after I thanked him for his help, 
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I found the answer I needed in Apple’s Support 


figure 1 Discussions in just five clicks. 


"My response is; What part of the Internet don’t you understand?” 

Postings ma/ be hard to take sometimes, but TiVo is gaining incredi¬ 
ble insight into its users. When users have a problem, TiVo is the first to 
know. In time, the forum will help TiVo make a better product. And 
when forum users begin to see that their suggestions make it into 
future product versions, they’ll feel intimately connected with TiVo-a 
bond that won’t be easily broken. 

Things have worked out well for Bullwinkle, too. After the TiVo 
community’s success, he was promoted to Chief Evangelist. Everyone in 
the forums still knows him simply by his login: “TiVolutionary.” 


Archibald told me that he’s between jobs at the moment, taking what 
he calls, “a sabbatical that started almost two years ago when I burned 
out working in management for a non-profit organization.” 

He said that few of the regulars in the forums are Apple employees. 
“Those who help out in the forums do it as volunteers on their own 
time, with the only motivation being the desire to help others solve 
their problems," he said. 

God bless the Web. 

Archibald is the poster child for a kind of online community that’s 
not new, but one that companies are just now learning to foster. These 
are support communities, gift economy ecosystems where what you 
give is what you get. 

Co-opting the Underground 

On the TiVo Community Forum (see Online Resources), people literally 
obsess about TiVo, the personal video recorder. The site carries discus¬ 
sions on everything from tech support, to general chit chat, to the TiVo 
Underground, where hackers post about what they’ve learned by open¬ 
ing up their TiVo boxes and mucking with the insides. 

When the folks at TiVo discovered this forum (it started independ¬ 
ently), they could have called in the lawyers, instead, they sponsored 
the site, offered TiVo branding elements, and linked to it from the offi¬ 
cial TiVo site. 

Richard Bullwinkle was the Webmaster for the TiVo corporate site at 
the time, and he saw the site’s power. He worked closely with the 
forum’s creator, David Bott, to make it better, and answer questions 

from the official TiVo perspective. 

Is TiVo happy with everything that goes on there? Of course not. 
“Every now and then some executive says, what is this?” says Bullwinkle. 


Making it Work 

Like any open, Web-based community functionality, support sites can 
be used for good and evil. For every polite helper, there are a dozen 
potential bozos, hopped up on goof balls, and looking for trouble. 
Sometimes it seems as if every Web-based discussion forum is just a 
few troublemakers away from chaos. 

But unlike other general-interest communities online (where you can 
find social discussions about everything under the sun), support 
communities have a very specific calling: connecting people who need 
help with people who give it. It’s this focus that makes them special, 
and different from other Web communities. 

Make no mistake, this is community. Communities are formed 
around common interests or needs. Although my need for a community 
of people who were also annoyed by a little flag icon was temporary, the 
need itself was very strong. 

There are steps you can take to create user-to-user forums that let 
the good guys help and keep the bozos from taking over. 

Ho Free Lunch 

User-to-user discussion forums are no substitute for good old fashioned 
customer service. Companies that encourage the development of these 
kinds of communities still need customer support staff to answer the 
phones. And now they also need moderators in the forums. Initially, 
running forums may actually increase the amount of work you have to do. 

But the advantages to having a successful user-to-user support 
forum on your site are clear. You’ll wind up with well-informed, better- 
supported users, and those users will be more loyal than ever. 

It takes some work, though, A few things to keep in mind while 
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designing and integrating a user-to-user support 
forum on your site: 

1. You now have two different audiences. 

When you start a user-to-user support forum, 
be aware that you’re creating a site for two very 
different audiences. The primary audience is 
people in need of help. The secondary audience 
is people who show up to help others. 

While the primary audience must take prece¬ 
dence {they’re the ones in the middle of a prob¬ 
lem, after all), cater to the secondary audience 
as well, because they’re making your life much easier by supporting 
fellow users. It’s your job to make their lives easier in return by making 
a site that’s easy to use. 

Each audience will want slightly different toolsets. For example, the 
user in crisis will want a way to search for answers that are likely to 
match his or her problem. Gurus, however, might just want to browse 
areas in which they’re knowledgeable to see if there are any questions 
they can answer. You’ll have to support both kinds of interactions if you 
want a successful site. 

2. Don’t fear the user. 

Someone out looking for trouble will always find it. Adding community 
functionality to any site means that someone, at some point, will say 
something that will make your skin crawl. 

The solution is to have clear, direct rules that spell out what is and 
isn’t acceptable, when someone crosses the line, everyone will know it, 
and no one will be surprised when the offending material disappears. 

For example, the rules in the TiVo Community Forums are clear. You 
can talk about hacking the TiVo to add another hard drive, because that 
doesn’t hurt anybody, but one mention of a scheme to circumvent the 
monthly service fee, and you’re out on your tush. The community 
understands these rules and abides by them most of the time. 

According to Bott, in the five years he has been running the AVS Forums 
(of which the TiVo community is a part), he has only booted six people. 
Not bad for a site with i8,ooo active members. 

The other important factor is to have community facilitators (often 
called hosts) who monitor the forms, answer questions, and keep an eye 
out for inappropriate posts. These people are often the crucial difference 
between a positive, productive community, and a flame fest. It isn’t an 
easy job, but it’s a necessary one. 

The bottom line is, if you go in with clearly articulated rules and 
knowledgeable hosts, you have no reason to be afraid. Remember, nine 
times out of ten, your users only want to help you and their fellow 
users. Don’t fear them! 

3. Offer rewards 

Remember that the people who offer help in your forums are doing you 
a huge favor. It’s up to you to make it worth their while. There are a few 
different ways to thank them. 

First, make their lives easier. Give them tools that make answering 
questions easy. For example, I should be able to register myself with 
a support community and tell the site what kinds of subjects I’m 
knowledgeable in, and what kinds of questions I’m interested in 
answering. Then, on a schedule I set, the site could automatically 
search through all of the new posts for topics I said I knew about and 
email me the threads. 


For example: “Derek, you said you were interested in helping people 
remove flag icons. Joe User has posted a thread that matches your area 
of expertise. Would you like to see it? Click here.’’ In one click I’m on the 
site, answering a question. Easy. 

Second, give them something cool. Keep an eye on your users and 
pick out the most active helpers. Send them each an email thanking 
them for their participation. Tell them that if they want to send in their 
address, you have a thank you present to send (but that it’s completely 
optional). Send them schwag from your site: T-shirts, stickers, or mouse 
pads. JGuru (www.jguru.com), for example, is a community site for Java 
developers that relies on its users to help build its FAQs. They recently 
picked one of their most active gurus and offered to send him a thank 
you present. He got a black leather jacket—with the JGuru logo embroi¬ 
dered on it, of course. 

4. Make it smooth. 

Finally, the most important issue is the most obvious. Users are coming 
to your site in their time of need. It’s your job to shuttle them to the 
answers they seek. That means you should design with extreme usability 
in mind. Context sensitive searching, user-controlled bookmarking, and 
super-clear navigation are all key here. 

A Cautionary Tale 

People want to discuss your product or service online. If you don’t give 
them a way to do it, someone else will. 

Take Pac Bell, for example. With all of the horror stories about DSL 
installation I’ve heard (and told), it’s not surprising that Pac Bell wasn’t in 
any hurry to put a user-to-user discussion on its site. 

But that didn’t stop the Net. In came DSL Reports 
(www.dslreports.com), a site solely devoted to reviewing DSL 
providers. The stuff posted there about Pac Bell makes me feel almost 
sorry for the phone behemoth (although the feeling only lasts until 
my DSL goes out again). 

The bottom line is that people take to the Web in search of connec¬ 
tion and commonality. They help each other in times of need, celebrate 
in times of joy, and speak out when they've been wronged. 

No longer can companies count on a slick ad campaign to make 
everyone forget about last year’s faulty product, instead, businesses 
must begin to foster this communication on their own sites. There, they 
can answer questions when they arise, correct misinformation, and 
foster positive user-to-user conversations. Most of all, their customers 
can teach them how to make a better product. >< 

Derek is a writer and designer living in San Francisco, CA. His book on the 
design of community spaces online, Design for Community, was published 
in August by New Riders. Visit Derek at www.powazek.com. 


november BDOl www.webtechniques.com 25 








......... 





■ --: ■■■■s-".- -r’.v- ■-■ ■." 



I " "t:- ' 




wjimsigfm 

si;ai:-liii^f iPi^ :;'f'ir':?::! ■ 


■>U.;:.-;- ■■ ■■'"- 












'■ ■■■V'.i- ;:■. ■■ 

'”:''fiiiila::i::S:'^:^^ 




.;■ ■■ :,-'y-''.' ".C'fev:'--- 

v';.' '.yy.yi:y-^.r-yy.y^: 




1; 








m-r 


- ■' ■-.■■■■ "■'■-■ "■.'■■■■■ ■■ .-■■ ■■'-y-'-yW'yy- -'- v'.-K-'.Wi-*-# 


■ ■^■■■- -. A ■ 


■' 'V:^'S'-: 





- .sif:'--' :>r ,- "^1 !'-k- 

set am 

-iaSii ;'i ■'' WS'k . iS:| 


■■■ '■' 

V .";■ ■■'a- 







-s,»»i|iff' 

'ft'.'. If'' 








:i. .. 


■:■ '.ift '^■f;i!'::ft '■: 
■li ft " ■■;■..■■■ ■'.. .... ..■■.: :'■ 

‘. ■ ■:■■:■ ■, '-ft . ■■'!■■^.•■'/■'■ft -.■' 


f% 7 yy 




Home ! MS0N Library I HSDII Downloads 


tU MSON Untversai Subscription 

□ Developer Tools 

□ Visual Studio .NEl^ 

□ .NET Framework 

□ Visual Studio 6.0 

□ .NET Enterprise Servers 

□ Operating Systems 

□ productivity Applications 

lU MSDN Enterprise— NEW 

Q Developer Tools 

□ Core .NET Enterprise Servers 

□ SQL Server 2000 

□ Exchange 2000 Server 

□ Operating Systems 

UJ HSDN Professional—NEW 

□ Developer Toois 


teS'K.;' 



if ftf f'v.-'ftft %,ft=-:: .{t-Se 


f'- ftffft.ff ;'f:'f'V'''''.''V' i;'ft .( 


i.v.i-f ft 




• 'J-';a'■ f , ■■ftT,mft:_;ft' • . -_ ••'-f ftfl' ' 

'.'ft.ft’ftftV'v;'>ft''''f^''ft "' . - -■■'-•■ - .. --j-.r^m;-.-.'-.':;-:- 

■ • ft i ' J - 'I ;. ----■_ V ■' 

■y-'‘-->ly} ■;- ■■ ■■ ■- J- ■ ■■■ - ■ ■■ ■■'>' "fft/ ''ft '' .' T 

rf ’.fa:-.' ... 


. s_ 7 ' "JrV ■ 










2001 Microsoft Corporation. All rights reservecf. Microsoft, MSDIM 











•SP 

.;..f; 

f#’" 


The Hiser 
Element Toolkit 

The Hiser Croup ' 

www.hiser.com.au ! 

$1600 for a single-user license; 
multiuser licenses available, 
contact vendor for pricing. 

I 

tVlethodological Ul Design 

Web site and project managers know that 

project requirements and scope often change. 
For example, in a recent Web project, I was j 

hired to convert an existing program from an i 
older, non-supported programming environ- ; 

ment to something more current. The project 
sounded very straightforward at first. However, i 
along the way, one of the analysts asked i 

selected users a few questions about work- 
flow, interface, and usability. The analyst i 
discovered that the existing interface was : 
hard to use, didn’t meet users’ needs, and 
lacked essential features. Thus, the solution 
involved re-architecting, additional work, and 
expense. 

The Hiser Element Toolkit (the Toolkit) is 
designed to address usability issues when 
you’re planning site and program design. 

It’s specifically designed with all project 
managers in mind—that is, it’s a simple 
enough tool that even those without specific 
Ul testing training or expertise shouldn't have 
a problem using it. 

Ul Methodology 

; The Toolkit is a structured Ul and usability 
methodology centered around the following 
: major processes: 

• observation and Analysis. Documenting the 
user goals, activities, workflow, and processes. 

• Envisioning and Design. Creating the 
conceptual design and an initial prototype. 

• Evaluation and Refining. Evaluating the 
prototype, conducting usability testing, and 
completing the system. 

Each of these processes includes multiple 
activities, most of which are familiar to people 
with analysis and design backgrounds, though 
many of them have somewhat different names 
(for example, field study, workflow diagrams, 
scenarios-akin to case studies, paper mock- 
ups of the Ul, and so on.) 


The most comprehensive section is the 
Evaluate and Design section. This includes vari¬ 
ous usability measures and design goals. The 
information contained in this section is an I 
invaluable summary of interface design for 
anyone developing user interfaces—either for 
Web sites or programs. This section also 
includes a subsection on icon design and a very ; 
useful document with GUI controls, which are 
worth the price of admission. 

The greatest strength of the methodology 
and activities are the detailed, accompanying 
instructions. For example, on the field study, 
which is a detailed user observation and analy¬ 
sis, there are extensive instructions on how to 
prepare for the visit, conduct the visit, and 
perform the analysis and reporting. The 
instructions include checklists, sample memos, 
observer briefing sheets, and site visit consent 
forms. There are instructions on how to 
interview, observe, and select which users 
you’ll interview, and more. This high level of 
detail and specific process identification, docu¬ 
mentation, and reporting, makes the system 
I practical for a wide range of users. Training is 
available for this methodology, but may not 
be necessary. 

A Quick Start Guide introduces the Toolkit 
materials. It presents a clear overview of the 
system and takes users step-by-step through 
each process. It’s available either in CD-ROM or 
i in print as four hefty binders. The CD-ROM 
version includes an interactive tool called the 
: Tool Adviser, which is basically a wizard-driven 
I version of this design methodology. 

The Tool Advisor begins by determining 
: some of the attributes of your project, such as 
budget, schedule, application type, and project 
purpose. You then continue with the project 
objectives, and from there, the Tool Advisor 
gives you the top choices for activities (within 
1 the Hiser methodology processes) followed by 
alternatives and supporting techniques, "his is 
a handy way to help users figure out what to 
I do and get started with the proper tool. This is 
also much faster than trying to use the flow¬ 
charts in the printed material. New to this 
release is an additional tool: the Heuristic 
Evaluation Tool. A heuristic is a learning tool, 
and this tool includes a set of checklists and 12 
guidelines to evaluate interfaces from two 
perspectives: a generic GUI perspective and a 
Web-specific perspective, 
i Although all of the documentation is avail¬ 
able online for quick reference while you’re 



working, the forms, flowcharts, and instruc- ‘ 
tions are also available in hard copy. 

The Toolkit isn’t an automated process. 
Unfortunately that means that there isn’t a 
computer program to track your progress, to = 
print out status reports, or to store your | 

completed products. It also means that The | 
Hiser Element isn’t linked to a word processor I 
for working on any of the reports, a diagram¬ 
ming tool for workflows (flowcharting), or any . 
demo or development tools for prototyping 
and screen design. The addition of such \ 

features would make the system much easier | 
to use. 

However, the focus on Ul design and the lack 
of automation features also works in The Hiser 
Element’s favor. It can be used to augment 
other products that perform various db 
programming tasks (such as Rational Rose), but 
which aren’t nearly as strong as the Toolkit in i 

Ul design. , 

The Toolkit’s pricing is reasonable for mid- to ^ 
large-size organizations. Deloitte & Touche ■ 
U.S.A. has been using it for internal develop- | 
ment of program GUIs and Web site designs. 

For organizations that specialize in Ul design or 
whose programming needs are light on the 
data side, this product may be sufficient to 
meet your design needs. Finally, if you’re train¬ 
ing users, managers, or developers in Ul devel¬ 
opment, the related documentation should be 
required reading. 

The Hiser Element Toolkit is an extremely 
strong methodology for Ul development. 
Managers, developers, and users on develop¬ 
ment teams would do well to buy the Toolkit 
either in tandem with The Hiser Group’s other 
development tools, or by itself. Either way, 
using The Hiser Element Toolkit will save you 
money in the long run. 

—john Pearson 


john programs in Visual Basic and C++ and 
contributes to magozines such as Visual C++ 
Developer’s journal, ondJavaPro. 
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^ Magenta II 

Magenta MultiMedia Tools B.V. 
www.magentammt.com 

$99 Personal Edition, 

$495 Professional Edition 



Flexible Multimedia Builder 

Magenta II is a flexible multimedia authoring 

tool that lets you create applications of varying 
sizes and complexities. You can make every¬ 
thing from simple games to full featured 
programs. Magenta II is powerful enough to 
create any imaginable program type. By using 
; the design wizards, which instantly add various 
functions to a program, you can develop a 
: complete application without writing a single 
line of code. Designing the layout for an applj- 
, cation is just as easy. You simply place objects 
: on the screen and set the features you need. 

I Magenta is similar to other authoring tools, 

; like Macromedia Director, in that it consists of 

■ an IDE, a (proprietary) programming language 

i called Magenta Programming Language (MPL), 

■ debugging tools, and a database system. The 
IDE, called the Composer, uses a series of 

: wizards to create applications, along with stan- 
; dard development tools such as a layout 
j window and project compiler. Magenta it uses 

■ the popular Python and MPL for building 

; custom wizards, and standard types of compo¬ 
nents ranging from bitmaps to scrollbars. 


New Project Wizard 

One of Magenta’s best features is its use of 
a Project Wizard for designing basic parts of a 
multimedia application. When you first start 
Magenta, it automatically begins the Project 
Wizard that lets you create a new project or 
open an existing one. Note that Magenta 
uses Unix notation for directories (c:/). This 
might be confusing for those used to seeing 
a drive referenced in Windows fashion (c:\), 
and although you can use the standard 
Windows notation, it appears that Magenta is 
preparing to be a cross platform tool in the 
future. Therefore, it's probably worth spend¬ 
ing the time it takes to get accustomed to 
the Unix variations. 

When you create a project, you have to give 
it a path and name (for example, c:/projects/ 
myproject.ms). This is similar to other develop¬ 
ment tools, so it’s not a big surprise. However, 
take your time deciding upon a location, as 
Magenta doesn’t have an internal file system 
for changing the path. You can manually move 
a project, but it’s much easier to create a 
default path for your projects. 


^ Designing a Project 

Once you’ve named your project, you're 
presented with the Composer IDE. It provides 
windows for programming, management, 
application screen layout, and debugging, to 
; name a few. It also includes a standard menu 
bar. Magenta uses common types of compo- 
; nents as basic building blocks for applications. 

; The components are similar to those found in 
: other authoring tools, and once a control has 
been added to a project, you can set its proper- 
; ties and assign events to it. 

Many items in Magenta are similar to those in 
^ other authoring tools, but the project structure 
is an exception. As you create a Magenta project, 
components are structured in a tree hierarchy on 
: the left of the screen, called a node structure. 

From within this structure, you can add compo- 
: nents, alter component properties, and manage 
a project. The node structure gives you a quick 
and easy way to navigate a project, but it isn’t 
only useful for organizational purposes. A new 
tool, called Medusa, is currently being developed 
to stream the applications over the Internet 
using the node structure. 

i Setting Properties 

: Once you’ve added a component to a project, 
you can assign basic properties by double click¬ 
ing on the component in the node structure. 
This opens a member editor, which lets you set 
the component's properties and behaviors. For 
instance, if you create a bitmap component— 
which, as its name suggests, displays a bitmap 
: on the screen-you can alter the left, right, and 
; top properties. More importantly, the member 
i editor will let you set the bitmap image of the 
component by selecting the file that will 
: appear wherever the Bitmap Component shows 
^ up in the running project. 

Magenta permits you to use several file 
; types for importing, such as BMP, JPEG, PCX, 

! and PNG, however, the runtime only supports 
' BMP and JPEG. Because of this limitation, the 
Composer converts the file types to BMP or 
^ JPEG before adding them to your project. Once 
you’ve assigned an image to the object, you 
can view its position in your workspace by 
: clicking on the layout tab, which displays a 
' layout window. You can click on the image and 
drag it around the layout window, and because 
; this process is very similar to the approach 
used by other development tools, you’ll quickly 
become accustomed to it. 

Setting Component Behaviors 

Once you’ve created a component and set its 
properties, you’ll probably want to interact with 
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it. Magenta provides an easy way for you to 
: control user interaction by adding behaviors, or 
events, to the component The behaviors let the 
: component react to user input events such as a 
mouse-button click. First, you must declare a 
method, a small programming script written in 
MPL. The script is then executed in response to 
an event, or called directly in the program. 

There are predesigned methods available for 
a variety of events, including key up and down, 
left and right mouse buttons up or down, and 
even mouse wheel functions that let you fully 
control and interact with the components. 
Additionally, you can use methods like Create, 
which automatically executes the event when- 
: ever a component is created, or Collision, 
which creates an event if the component 
collides with another on the screen. These 
methods let the components react to situa¬ 
tions other than direct user interaction. 

After you’ve created a method, the method 
window appears. This lets you add programming 
code to control what occurs when the method is 
triggered. The programming language, MPL, is 
intuitive and the documentation that comes 
with Magenta is well designed and written. 
Therefore, it takes only a short while to become 
comfortable with the language. A particularly 
valuable feature of the method window is that it 
only displays a single method at a time, making 
it much easier to concentrate on a single 
program element. You can display any of the 
methods by selecting the navigation button to 
the left of the method name and choosing its 
name from the drop-down menu. 

In short, Magenta is a very well conceived 
application that would be useful for authoring 
almost any type of multimedia-driven applica¬ 
tion. Its programming language is easy to use 
and the user interface is comfortable and navi¬ 
gable. Magenta is freely available for noncom¬ 
mercial use, or you can get a 30 day trial in a 
commercial environment. If you have an 
upcoming multimedia project, give it a try. 

-Clayton Crooks 

Clayton Crooks is a freelance writer and inde¬ 
pendent consultant based In Knoxv/ 7 /e, TN. You 
can reach him at crooks 0 pianetc.com. 
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Customer Satisfaction Drives Revenues 


Challis Hodge 
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Customer service and customer relationship management (CRM) are 

touted as critical success factors for companies that want to seriously 
compete and thrive into the next decade. As technology and manufac¬ 
turing fast become commodities, the customer relationship is the only 
area where real competitive advantage is still possible. 

Ironically, there has never been a time when customer service has 
been more absent from our lives. When was the last time you walked 
into a store and were treated like an individual, with concern shown for 
your personal interests and needs? It was probably a long time ago. 

If customer service is poor in the brick and mortar world, it’s worse 
online. Even on sites that are well designed and usable, it's still hard to 
get quality customer service when you need it. If you send an email 
request, do you receive a quick and helpful reply? How easy is it to find 
a phone number to call? If you call the help line, do the customer serv¬ 
ice representatives answering the phone have any clue how you spent 
the last hour on their company's Web site? 

This combination of high potential advantage and low-quality service 
has created a great opportunity for businesses that facilitate relation¬ 
ships between companies and customers. In fact, the hordes of venture 
capitalists that were pouring money into online retailers in the last few 
years have now switched their bets to the companies building software 
that improves online customer service. According to a recent study by 
Jupiter Research, roughly 200 venture-backed startups are now develop¬ 
ing software to improve online customer service. 

These investments aren't unfounded. Technology analysts at 
eMarketer expect spending on CRM in general to increase to $10.4 billion 
in 2001, a 167 percent increase over the $3.9 billion spent in 2000. This 
rapid growth comes despite the uncertain economic climate in the U.S. 
and abroad. More specifically. IDC predicts that the electronic customer 
relationship management (eCRM) market in North America will exceed 
$9 billion by 2003. 

That we’re still seeing growth in this space is a sign that businesses 
recognize the value of customer satisfaction and understand how it 
drives revenues. By using technology that makes service more efficient, 
businesses will be able to reduce costs. A more efficient support center 
will provide better service to customers with questions, which means 




that customers will be satisfied. If they’re satisfied, they’re likely to do 
more business with the company. 

Overcoming CRM M^hs 

With strong financial and logical evidence, it would seem that 
businesses are well on their way to developing customer service strate¬ 
gies. Certainly, it’s clear that your investment in an eCRM solution or 
live chat software would be recovered over time, right? Surprisingly, that 
hasn’t been the case. 

The first big myth of CRM is that it's just not worth it. Unfortunately, 
the return on investment (ROI) calculations that result in such conclu* 
sions often focus on cost savings rather than on customer satisfaction. 

Instead of taking a long-term view of the customer relationship, 
these decisions are driven by 90-day Wall Street reporting cycles. Many 
companies have calculated-often with great precision-the lowest level 
of service their customers will tolerate before switching brands. Yet it 
has been widely reported that companies focusing on customer satis¬ 
faction over cost savings reach profitability earlier than companies that 
don't. Even so, these companies have few options, because they’re 
responsible to shareholders who have yet to embrace large investments 
in customer service over short-term gains. 

Redundant spending also weakens the recovery of your investment 
on eCRM and other customer service software, in other words, disparate 
corporate goals and separate business units have led companies to 
invest in technology solutions that have failed to deliver a unified 
customer experience. For instance, how often have you contacted 
a customer service department via telephone and dialed in your account 
number, only to be routed to a representative who asks you to provide 
the information again? Redundant spending, notes jupiter, will cost 
Global 2000 companies between three and four billion dollars over the 
next two years. 

Setting the financials aside for a moment, perhaps the greatest 
misconception is that a live-support chat, email trouble ticket system, 
or eCRM technology is enough to successfully serve and retain 
customers. In reality, CRM solutions can only be truly effective if you 
implement them across all channels, not just on the Internet. 
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There are three components at the core of a solid customer service 
strategy. In addition to technology and infrastructure, a customer- 
centered business must also use its collected information and feedback 
to refine products and services until they meet the customers’ needs. 
Likew/ise, successful businesses must make changes internally to build 
an organizational structure that’s focused on customer experience. 
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Technology 

Advances in technology have enabled businesses to better understand 
and respond to customers. Businesses can offer product and service 
recommendations, answer questions promptly and succinctly, and make 
product and service improvements based on feedback. The sole purpose 
of many product and service providers on the market today is to help 
businesses develop better relationships with their customers. 

Personalization Technologies. Companies specializing in personaliza¬ 
tion may offer a bundled set of software and services that integrate 
across an enterprise. The tools deliver personalized content and recom¬ 
mendations to online customers. While they can benefit a businesses 
and its customers, they’re only tools. 

Businesses must understand both the value and the limits of person¬ 
alization technologies. They can provide up-selling and cross-selling 
opportunities while giving customers timely and beneficial personalized 
suggestions. While these technologies can help to increase revenues 
through incremental sales and reduced customer service costs, they 
aren't substitutes for human interaction. Personalization has limita¬ 
tions because you need a certain amount of data to make it work. More 
data means better personalization. However, collecting data takes 
considerable time and reaches points of diminishing returns at which 
other methods are needed, Amazon.com uses a combination of book 
recommendations based on the personalization engine, and it also 
offers a variety of thematic and categorized suggestion lists from a wide 
variety of real people. 

See “Getting Personal” in this issue, for a through discussion of 
personalization technologies and vendors. 

Live Online Customer Service. Live chat and related technologies, like 
Voice-over-IP and screen sharing, let business representatives interact 
with customers by answering questions in real-time, making product 
suggestions, and offering assistance. Companies that provide these 
services include: LivePerson (www.liveperson.com}, ClientReps.com 
(www.clientreps.com), and NewChannel (www.newchannel.com) 
among others. 

Servicebots. Servicebots are customer service mimics or avatars that 
reply to natural language queries. One such company, NativeMinds 
(www.nativeminds.com), recently unveiled a virtual representative 
called Nick. This cyber assistant answers questions for Nicorette and 
NicoDerm CO at nicorette.com. nicoderm.com and committedquitters- 
•com. Other companies that provide servicebot technologies include: 
Ask Jeeves (www.askjeeves.com), Artificial Life (www.al.com), and 
Extempo (www.extempo.com). 

Online Measurement. It’s important to have tools for tracking, 
collecting, and measuring customer interactions with a company. 
Metrics and analytics are important, not only to determine whether 
an eCRM solution is being used, but also to provide direction for 
refining the technology and interface. Some examples include: 
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WebCriteria (www.webcriteria.com) and OpinionLab (www.optnion- 
lab.com). 

Customer Relationship Management. CRM activities are typically 
performed by sales, marketing, and service professionals and divided Into 
three processes: Sales-force automation, which includes the prospecting 
of potential customers and general sales operations; Enterprise market¬ 
ing automation, for managing customer contacts and ensuring that the 
right information is delivered at the right time through the right channel; 
and customer service management for responding to customers’ 
requests for information and assistance as soon as possible. Many 
companies are still struggling to integrate a CRM solution across these 
three processes, when in fact, they need to further integrate their entire 
organization. The challenge is big, and few CRM implementations will 
meet ROI expectations over the next eighteen months. Yet, the compa¬ 
nies that do will have a significant advantage. 

Siebel Systems (www.siebel.com) and PeopleSoft (www.peoplesoft.com) 
are among the many major players in the CRM solutions space. 

Electronic Customer Relationship Management (eCRM). The “e” 

prefix simply means that the CRM processes are applied to business 
on the Internet. In many cases, the customer relationships are 
inherently more dynamic and interactive in this space. Vividence 
(www.vlvidence.com) and Kiwilogic (www.kiwilogic.com) are examples 
of eCRM solutions providers. 

Wireless Customer Relationship Management. Wireless CRM technolo¬ 
gies are currently focused in areas where mobility and portability are 
more important than instant access to information. Wireless will even¬ 
tually deliver instant access and mobility as bandwidth increases. 
Interact Commerce (www.enteract.com), PeopleSoft, and Neteos 
(www.neteos.com) currently offer wireless CRM solutions. 

Refining Products and Services 

The best customer service is no customer service. That's right, good 
service is the kind that doesn’t get used because it isn’t needed. The 
goal is to refine products and services so that they’re easier to use 
and understand with every iteration. Successful customer-centered 
businesses must implement technologies that let them gain deep 
and meaningful understanding of their customers. The result is an 
organization equipped to develop the products and services its 
customers truly want and need. For all of you worried about ROI, 
here’s where an initial investment in customer service will result in 
lower customer support costs down the line (via gathered and mined 
customer data). 

Companies must recognize that making useful and usable products 
and services isn’t an event or a project-it’s a continuous process. If 
it’s properly used, eCRM data can facilitate continuous improvements 
in Web site architecture and navigation, product inventories, and prod¬ 
uct features and functions. Where there’s less flexibility in the product, 
companies can bundle services to support customer needs. 

But there’s a caveat: As I mentioned before, a state of the art, 
enterprise-wide CRM implementation won’t design better customer 
experiences, improve the quality of products, or develop future prod¬ 
uct strategies. Surely, CRM tools combined with your best market 
research data will tell you a great deal about your customers, 
however, don’t expect to have all of the information you need. 
Customer-centered businesses must use methodologies for customer 
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Customer-Centered 
Organizations 

Customer-centered businesses must learn the 
difficult lesson that competitive advantage and 
future success lies squarely in the relationship 
with the customer, and not in emerging technologies. While on the 
surface this seems easy enough, in practice it’s quite challenging. Busi¬ 
nesses and their employees often feel that they know their customers 
and can make unbiased decisions on their behalf. As a result, they typi¬ 
cally select promising technologies to facilitate their personal percep¬ 
tion of need, combined with business case. 

However, a successful customer-centered business must also have an 
organizational structure and culture in place that let it capitalize on 
technological advancements in CRM-to the specific end of meeting 
customer wants and needs in the most efficient way possible. The 
organization must have a clear set of goals and a clear focus. To ensure 
internal continuity across channels, departments, and other organiza¬ 
tional silos, the company must focus on a unified and consistent 
customer experience. 

This isn’t a new process. It’s a culture, a philosophy, and a way of 
doing business that must permeate the entire organization-a 
customer-centric culture that thrives on empathy and learning about 
its customers. The organization must be able to mass-customize its 
products and services to meet specific and unique customer needs and 
requirements. As the learning relationship continues to develop, the 
customers’ needs become better and better understood, and more prod¬ 
ucts can then be customized to meet their changing needs. 

Businesses must design products and services for increasingly 
sophisticated customers with increasingly complex lives. No single 
department or functional group is qualified to handle this task alone. 
This requires the cooperation and shared expertise of multiple 
individuals with many skill sets, experiences, and resources. Of course, 
that still leaves one organizational challenge unsolved-customer- 
centered leadership. 

Just as the existing departments in an established organization 
aren’t qualified to manage the customer relationship alone, no single 
department has the necessary skill sets, empathy, and neutrality to 
oversee the customer relationship and all points of contact the organ¬ 
ization has with its customers. For this purpose, customer-centered 
businesses have created a new position, the Chief Experience Officer 
(CXO). A position with fiduciary responsibilities, the CXO is responsi¬ 
ble for every point of contact a company has with its customers; 
through its products, services, advertising, marketing, packaging, and 
so on. The CXO is the champion of the customer-centered movement. 
Not only must this person be well versed in the processes and meth¬ 
ods for understanding, communicating with, and responding to 
customer needs. This person must also have a strong working knowl¬ 
edge of the intricacies of the company and the domains in which it 
conducts business. 

Developing a Strategy 

It s important for a company to identify each of its customers individ¬ 
ually, and recognize them whenever and however they contact the 
organization. Providing this level of responsibility to customers poses 
big organizational and infrastructure problems for almost any 


business—the bigger the business, the bigger the challenge. The avail¬ 
able technology is helpful, but using it still presents some difficulties. 
For instance, with eCRM, huge volumes of customer information are 
retrieved, stored, processed, and delivered electronically, so everything 
must be highly flexible, adaptive, and scalable. It’s also important to 
make sure your platforms are completely dependable and secure. Simi¬ 
larly, you’ll also encounter internal challenges. For instance, corporate 
culture has played a significant role in stagnating or depressing 
customer service. Lack of empathy for customers, dispute over owner¬ 
ship of the customer relationship, and fear of change are just a few of 
the inhibitors. 

Regardless of the obstacles, smart leaders in smart organizations 
know that possessing a sound customer service strategy is key to a 
business’ success. And it’s not enough to simply purchase and Imple¬ 
ment the latest technological advancements. To have a successful 
customer service and relationship management strategy, you need an 
organization-wide focus on the customer and the dedication to meet 
and exceed customer needs in every way possible. Cost savings are 
important, but you should use customer satisfaction as your first meas¬ 
ure of ROI. 

A continuous dialogue with your customer, combined with continu¬ 
ous evaluation of your product and service offerings is central to a 
successful strategy. You must collect and use all information necessary 
to meet your customers’ needs, collect and disseminate the appropriate 
information to the customer at the appropriate place and time, and 
finally, reduce your clients’ customer service needs by making the right 
products and services, and making them well. 

When a customer has been wronged, do something meaningful and 
obvious to rectify the situation. Keep in mind that customers know 
when they’re being marginalized, lied to, or cheated-and as I stated 
before, they know when they’re being talked to by a machine! 

Mike Eskew, vice chairman of UPS, suggests that “the power of 
consumers to pull what they want through the supply chain’’ is one of 
the most important changes influencing the way businesses must 
conduct themselves in the future. Enron CEO Jeff Skilling, suggested 
that we have only seen a very small percentage of the change that will 
occur in the next several years. When asked about Enron’s strategy, he 
made it clear that Enron is offloading assets, and doesn’t own the gas 
fields, pipelines, power plants, or delivery channels it uses. As he says, 
“we find a customer and ask, ‘what do you need?’ And then we figure 
out how to put that together.’’ 

Products and technologies can give you an edge over competitors, 
but not unless your corporate culture puts customers at its core. Once, 
you’ve established that customer needs come first, you can find the 
most efficient way to meet them. >< 

Cho/lfs wos founder and CEO of HannaHodge, a Chicago-based user experi¬ 
ence firm. He created the University of Wisconsin's interfoce design curricu¬ 
lum and guided the user interface development of enterprise Web-based 
solutions at IBM. 
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Doesn’t your Web site deserve the best in server management? We 
think so at DataPeer. That’s why we support your site with the highest 
quality customized products, services and facilities available. 
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Neil McAlHstep 


In the past, online ventures devoted much of their marketing energy 

to winning customers and building market share. Yet in today’s tough 
market, it’s more important than ever that Web businesses concentrate 
on strengthening existing customer relationships. 

Consider the numbers: According to the Harvard Business Review, it 
can cost six to ten times as much in marketing and advertising costs to 
acquire a new customer as to retain an old one. And for e-businesses, 
those customers don't amount to much: In March 2000, The industry 
Standard reported that first quarter revenue earned by online retailers 
from each new customer averaged a mere $24.50. 


In the following quarter, however, those same customers brought 
in an average of $52.50 each, and that figure remained consistent 
through each successive quarter. Clearly, maintaining long-term 
relationships with customers is the way for businesses to start seeing 
real returns. 
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ArsDigita ACS Personalization Homepage 

www.arsdigita.com/products/ 
personalization.adp 

ATC Dynamo Personalization Server 

www.atg.com/en/products/dps.ihtml 

BroadVision, makers of personalized content 
and commerce solutions. 
www.broadvision.com 

Brock, an open-source, Java personalization 
engine based on Enhydra. 

brock.enhydra.org 

Personalization Consortium, a business 
advocacy group. 

www.personalization.org 

Vignette Lifecycle Personalization Server 
www.vignette.com/CDA/Site/ 
o,2097,i-i-i32?-2067-i339-2T90,oo.htmI 


Unfortunately, the same study revealed that less than 40 percent 
of e-commerce customers were repeat purchasers. Online businesses 
are now faced with what is, for many, a brand new challenge: How to 
better serve the needs of customers so that businesses can establish 
lasting relationships? 

The Personal Touch 

Personalization and customization software was developed with 
customer retention in mind, and it’s a solution that increasingly more 
Web businesses have begun to embrace. According to research con¬ 
ducted by eMarketer, as of June 2001, 56 percent of U. 5 . e-businesses 
had incorporated some level of personalization. 

Perhaps the most obvious candidates for these technologies are B2C 
e-commerce sites, where personalization makes true one-to-one 
marketing possible. By analyzing and addressing each customer’s 
specific needs, retailers like Amazon.com can more accurately target 
smaller market segments for promotions and product cross-selling. 

Beyond retailing, however, a wide variety of sites benefit from 
personalization. For example, B2B e-commerce sites can use personal¬ 
ization to deliver customized news, tools, or advisories tailored to the 
specific relationship established with a business partner. 

Content-driven sites like Siashdot.org use personalization to encour¬ 
age repeat visits by letting users select the topics that most interest 
them. Content with an international audience can be especially benefi¬ 
cial; Planetarabia.com demonstrates how such sites can automate local¬ 
ization by storing users’ language preferences. 

Similarly, personalization engines are useful when you're delivering 
content to mobile devices, where pages must be tailored to varying 
screen sizes and interface capabilities. By letting users choose their own 
media preferences, sites that offer rich media content can avoid delug¬ 
ing customers with data formats and plug-ins their browsers can't 
handle. (C-Net already stores such preferences for its streaming broad¬ 
band content.) 

Personalization can also let users custom tailor the interfaces of Web- 
based applications to suit their own work habits, as they’ve grown accus¬ 
tomed to doing with desktop applications. Portal sites like Excite.com 
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offer great flexibility, though sometimes even a change as simple as 
modifying a color palette can improve a user's experience on a site. 

Tough Choices 

The decision to add some level of personalization to your site may seem 
like a no-brainer. Deciding just how you should implement those 
features, on the other hand, can be much more difficult. 

Should you deploy an existing product, or build your own? While the 
most basic personalization features can be created fairly easily using 
tools like Java or PHP, integrating a prepackaged solution is probably 
more cost-effective if you require more sophisticated features. 

A wide range of commercial personalization solutions are available, 
including options for most of the popular Web application servers, such 
as IBM WebSphere, ATG Dynamo, Oracle 9i, and BEA WebLogic. Content- 
management mainstays like Vignette and BroadVision have strong 
offerings in the personalization space as well. 

The downside to many of these products, however, is that they can 
be extremely expensive. Pricing for BroadVision typically begins at 
$300,000, while solutions from ATG and Vignette start around $100,000. 
As with most enterprise-class software, however, pricing is often nego¬ 
tiable. For example, Microsoft Commerce Server 2000, which costs 
$8,499 per CPU, is also available In a rentable configuration. 

Open-source alternatives to these products are beginning to appear, 
but so far, few products compare to the commercial offerings. As of this 
writing, none of the most prominent open-source application and 
content management servers—including Zope, ArsDigita Community 
System (ACS), and Enhydra—had shipped a personalization option, even 
though all three had something in the works. 

When evaluating any of these solutions, remember that development 
and support costs can factor heavily into the total ownership cost for a 
given product. A product that supports open standards is often much 
more easily integrated with third-party add-ons. And products that 
support a proprietary scripting language (rather than a Web mainstay 
like Python or Java) have a much steeper learning curve, potentially 
requiring expensive training and hands-on support. 

Whiie weighing all of the available choices can be overwhelming, 
consider your options carefully before you commit. Remember, user 
profiles and customer data are seldom seamlessly transferable from one 
personalization server to another. Switching products after deployment 
can be difficult, because it often means starting over. Before arriving at a 
decision, it may be helpful to first understand how personalization works. 

Targeting Users 

Depending on the level of customization your site requires, the actual 
process of targeting specific users can be fairly complex. At the core, all 
personalization engines must provide three basic functions: profile 
management, user segmentation, and content targeting. 

Profile Management. The most basic concept of personalization is that 
each user can be uniquely identifiable, and you can therefore record specific 
data about each user. The resulting data store is generally known as a user’s 
profile, and it might contain any number of information pieces, ranging 
from the user’s name, to the last ten items he or she purchased, to the time 
of day the user most often accesses the site. Personalization packages 
generally provide software to store, retrieve, edit, and analyze user profiles. 

Note, however, that whiie every profile represents an individual user, 
storing a profile doesn’t necessarily imply gathering any personally 
identifying information about that user. In fact, many personalization 



engines let you generate completely anonymous profiles. These are 
created the instant a user first accesses the site, and stored either in 
cookies or by passing identifying codes in URLs. Anonymous profiles 
don’t divulge any user information except their behavior on the site— 
which is often the most important information. 

If, at some point, a previously anonymous user chose to register with 
the site, that user’s anonymous profile could be upgraded to a personal 
profile. This new profile would retain all of the usage information previ¬ 
ously gathered, but it would augment whatever personal data the user 
opted to disclose. 

User Segmentation. Once you’ve begun to gather information about 
user interests and habits, next you must begin to assign those users to 
segments. Only then will you be able to target particular segments for 
marketing, promotions, or customized content. 

Defining user segments can be tricky, as it’s really a process of 
representing business rules in a form that the personalization engine 
understands. Correct representation of those rules often requires input 
from non-technical staff; therefore, if your business has complex user 
segmentation requirements, pay special attention to the user interface 
of any personalization package you’re considering. The user segmenta¬ 
tion portion should let you edit user classification rules in a straightfor¬ 
ward, intuitive manner, without sacrificing flexibility. 

Once your segmentation rules are defined, the personalization engine 
must employ analytics to determine which users fit into which categories, 
based on the information that’s stored in their profiles. This process may 
operate based on explicit rules, data intuited from usage patterns, or both. 

Content Targeting. Finally, to target certain content to the user cate¬ 
gories you’ve defined, you must also classify the content itself. Which 
information is appropriate for which types of users, and when? This 
process usually involves assigning metadata to individual content enti¬ 
ties and flagging them for targeted delivery. 

On an e-corrmerce site, this might be as simple as assigning product 
cross-sells. The process could be more involved for other kinds of Web 
applications: To target an article for a content-driven site, you might have 
to generate an XML-encoded abstract describing the article’s contents. 

Explicit Language 

Different personalization engines will implement these three functions 
to varying degrees, depending on the type of personalization required. 
Generally speaking, package prices increase as the complexity and 
sophistication of your demands increases. The easiest (and often the 
most cost-effective) solution is explicit personalization. Using this 
method, a site adapts based solely on well-defined, consistent rules. 

In one implementation of this technique, the personalization engine 
first checks for an existing profile for each visitor. If it finds one, the 
engine might be preprogrammed to automatically populate the site’s 
homepage with a personalized greeting. A different greeting might be 
issued if the site notices that it’s the user’s birthday, or the look and 
feel of the page could change based on the user’s preference settings. 
Further notifications could be delivered based on the user’s content 
channel preferences, and so on. 

Another standard rules-based practice is product cross-selling for 
e-commerce. A user who purchases an electronic gadget from 
Outpost.com, for example, might be offered the opportunity to buy 
AA batteries as well. A user who has purchased an ink jet printer in the 
past may be offered periodic discounts on cartridges or paper. 
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Al! of these effects are the result of explicit choices the user has made 
in the past, which then trigger pre-deftned responses from the personal¬ 
ization engine. If, on the other hand, you require a level of customization 
such that models of user behavior grow and change over time, you’ll 
want to investigate packages that support intuitive personalization. 

Use Your Intuition 

Rather than merely reacting to a well-defined set of rules, advanced 
personalization engines develop user profiles based on information 
intuited from customer behavior on the site. This lets a site adapt to 
and target even customers whose usage patterns weren’t foreseen by its 
designers. There are several ways to achieve this; the method that’s 
most appropriate foryour site depends on your business needs, and 
your software capabilities. 

Content-Based Filtering. As mentioned earlier, the user-targeting 
process involves categorizing content, generally by assigning it some 
form of metadata that describes its subject matter. When using a 
content filtering approach, the site stores metadata from previously 
accessed pages into a user’s profile. Over time, the personalization 
engine is able to recommend other content based on the user’s track 
record. For instance, a customer who purchased several Anne Rice novels 
from Amazon.com might receive recommendations for other products 
coded with the keyword “vampire.” 

Collaborative Filtering. Another way to generate personalized recommen¬ 
dations is to let your user base do the research for you. You can achieve 
this by using a form of mathematical analysis, known as an approximate 
nearest neighbor search, to compare a given user’s profile to those of 
others who may have performed similar actions. For example, if User A 
has bought some of the same products as User B has bought, then User 
A’s purchasing history might yield other products worth recommending to 
User B. Amazon.com makes effective use of this technique. 

An alternative collaborative filtering technique involves user- 
contributed ratings. In this scheme, users rank given products or con¬ 
tent based on their own preferences. Over time, statistical analysis will 
reveal users whose preferences run along similar lines. The DVD rental 
site, Netfiix.com, employs this type of ratings system. 

Usage Tracking. The most sophisticated personalization engines gener¬ 
ate complex usage profiles for each visitor, based on his or her behavior. 
The primary way to achieve this profile is through log mining, where 
Web server usage logs are regularly processed to reveal visitors’ move¬ 
ments within the site. Having a click-tracking server collect usage infor¬ 
mation in real time can generate more immediate responses; but such 
solutions are difficult to scale, as they can be very CPU-intensive. 

Usage tracking software is complex, often involving such advanced 
analysis techniques as neural nets, fuzzy logic, or genetic algorithms to 
divine patterns in user behavior. Consequently, though this type of 
personalization system has perhaps captured marketers’ imaginations 
more than others, in practice it’s probably the least-often deployed. 

It’s possible to simulate usage tracking with a rules-based approach, 
where the personalization engine reacts to specific navigation patterns. 
(See the review of ShoMaster in this issue.) 


them. But don’t deploy a given technology simply because it’s there. Let 
your business needs drive the techniques you use on your site. Clearly 
define your assumptions, goals, and expectations for personalization 
before you begin. 

When deploying a personalization engine, remember that this type of 
expenditure seldom leads to measurable short-term financial gains. 
Evaluating the total return you can expect from your investment can be 
difficult, as hard statistics are rarely available. 

One way to measure the success of your deployment is by testing the 
assumptions made during the content targeting and user segmentation 
phases of development. Have they been validated by your user’s actions 
since you implemented personalization? 

For example, how often do users purchase products that the person¬ 
alization engine has recommended? Are you seeing an increased 
number of repeat visits from each user? Are users taking advantage of 
the customization opportunities? 

Ultimately, however, the success of personalization efforts should be 
measured relative to your business goals. Personalization enables a one- 
to-one marketing philosophy, in which total share of each customer’s 
business is emphasized over raw market share, and every customer’s life¬ 
time value is maximized. When deployed effectively, personalization and 
customization servers can help strengthen your company’s relationships 
with its customers or partners, making them essential components of 
any forward-thinking customer service strategy. >< 

Neil is the senior technology editor for Web Techniques. 
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Looking to give your site a personal touch? Start seeing eye to eye with 
your customers with this simple Webcam implementation in Visual C++. 


MULTILINGUAL 

METHODS 




Al Williams 



online 

resources 


If you want to be seen, 
look at these sites. 



We probably have the technology today to completely 

automate a fast food restaurant. You don’t see many 
robot restaurants, though, and the reasons are obvious. 
First, people like to deal with people {well, most of us 
anyway). That’s why we like to go to restaurants where the 
staff knows us. Second, the best computers we can build 
today function at the level of a gifted five-year-old. They 
can follow instructions to the letter, but when it comes 
to the unexpected, even the lowest-level human employ¬ 
ees react better than computers can. Perhaps these 
employees’ reactions won’t be what the management 
wants, but at least they'll react in ways that make sense 
to other humans. 

Because of this, I have a feeling that in the future, we’ll 
see more interaction with live people on the Web. This idea 
isn’t so far from inbound telemarketing. Already, several 
Web sites offer live support chats, but I envision something 
even more pervasive. Imagine a world in which every screen 
contains a live person who greets you, answers your ques¬ 
tions, and maybe even makes a suggestion if you look lost. 
Yes, you could achieve this with artificial intelligence, but 
humans are much better at customer service, and much 
cheaper over the short term. 

I think streaming video will be an important part of 
these strategies. After all, a disembodied voice (or typist) 
isn’t very personal. In fact. I’ve already seen a few compa¬ 
nies that have Webcams of their support bull pens, and 
other parts of their businesses too. 

live support tools 


Logitech Developer’s Site 
developer.logitech.com 

Chris Losinger’s jPEG File Library 
www.smalleranimals.com/jpegfile.htm 

A Houston ISP that has several Web cams set up. 
www.evi .net/a bout 

Among other things, BraveNet has a free live support tool. 
www.bravenet.com 


Recycle, Reuse 

Thinking about Web interaction and cameras made me 
wonder what it would take to write software that would 
make a system like this work. Of course, there are programs 
out there that act as Webcams, but I couldn’t customize 
those to the degree that I could if I wrote my own. 

I happened to have a Logitech QuickCam Express sitting 
around. These are very inexpensive and aren’t the best qual¬ 
ity, but they’re quite common—so 1 thought it would be a 
good place to start. 


Because the QuickCam has a USB connector and uses a 
Windows-specific method of communicating, I knew that 
talking to it with Java wasn’t going to be easy. That’s okay, I 
thought; I like to write in C++ anyway. But manipulating 
JPEGs and performing network transactions in C++ is 
tedious after you get used to Java. 

Undaunted, I pressed on. I wanted to see how much 
development effort I could push off onto widely-available 
libraries, even on a Windows-specific, non-Java program. 
After all, C++ is object-oriented, and Windows supports 
ActiveX controls. Why shouldn't MFC programmers be able 
to just thread together pieces to make a program? I figured 
that the first step would be to see what Logitech said about 
interfacing to the camera. 

Reading the Pictures 

I was pleasantly surprised when I checked out the Logitech 
developer’s site at developer.logitech.com. There, you can 
download the Logitech SDK (at no charge, but you do have 
to register). 

The SDK provides easy tools to read BMP files from the 
camera using C++, Visual Basic, or generic Win32 calls. The 
SDK handles all of the user interface and even does overlay 
text (which makes the time stamp requirement simple to 
implement). Unfortunately, it doesn’t handle JPEGs. No 
problem: I assumed that somewhere on the Web some 
other MFC programmer had converted BMPs to JPEGs. The 
search was on. 

Before long, I had found a nice library that would do 
what I wanted and was free! Chris Losinger’s JpegFile 
classes (see the “Online Resources" box) are an adaptation 
of the IJG JPEG code and work with Visual C++ 5.0. All Chris 
asks in return is that you mention him in your software, 
and that you come to him first for support. 

I use Visual C++ 6.0, and had a little trouble compiling it. 
Then I checked Losinger’s page again and found that he had 
documented the small changes required to make his code 
compiler under Visual C++ 6.0. Another piece of the puzzle 
fell into place. 

With everything seemingly coming together, I decided 
that, at a minimum, the basic program would have to do 
the following: 

• Load a picture from the camera; 

• add a time stamp to the picture; 

• convert the picture to JPEG (if it isn’t already a JPEG); 

• upload the JPEG to a Web server. 

For the last part of the program, Microsoft provides a 
perfectly useable tool in the form of the Internet Transfer 


38 


wwiAi.webtechniques.com ncvember 2001 






































CODERNAUTS DISCOVER WEBSPHERE. THE WORLD^S MOST POPULAR INTEGRATIOH SOFTWARE. 

WEBSPHERE FOR INFRASTRUCTURE 

CONNECTS MORE APPUICATIONS, DEVICES, PROCESSES AND PEOPLE THAN ANY OTHER SOFTWARE 


Itusitit^ss softwiitv 


ibnn.com/websphere/popuIar 


IT’S A DIFFERENT KIND of WORLD. 

YOU NEED A DIFFERENT KIND of SOFTWARE. 



















Imagine a ^orld in which every 

screen contains a live person who greets 
you, answers your ’questions, and maybe 
even makes a suggestion if you look lost. 
Yes, you could achieve this with artificial 
intelligence, but humans are much better at 
customer service, and much cheaper over 
the short term, i 


ActiveX control. This control can perform FTP 
transactions and even interact with a Web 
server directly (although I don’t need that in 
this case). 

So with no real effort, I managed to pul! 
together all of the pieces 1 needed for my 
program. I chose to use Visual C++, but the 
camera and Internet tools would also work for 
other languages like Visual Basic (VB). I have no 
doubt that 1 could have found both a JPEG 
converter and a basic FTP client for VB if I had 
looked. Of course, I was also doing all of this 
with a zero budget. If I wanted to spend a little 
money, a quick stop to one of the ActiveX stores 
(like www.vbxtras.com) would probably have 
revealed several components in each category. 

Putting it Together 

Building a user interface with the Visual 
Studio MFC tools isn’t difficult (see Figure i to 
see the program in operation). This program 
uses a CForimVIew, which is-for practical 
purposes—a dialog. This is the closest thing 
you’ll find in MFC to a VB form, or even a Java 
panel. With it, you don’t need to handle 
complicated redrawing. You simply place 
controls on the form and the libraries do the 
rest. So although the video portion of my 
program looks hard, it really isn’t. The 
Logitech SDK provides an ActiveX control that 
you simply drag into the view. 

Of course, when you start Visual Studio, it 
doesn’t have a Webcamera component. You 


have to import it from the Logitech SDK. To do 
this, you simply select Project / Add to Project / 
Components and Controls from the menu. This 
displays a list of all of the ActiveX controls and 
Visual C++ components on your system. Select 
Registered ActiveX Controls and then add the 
VideoPortal control. While you’re at it, you 
might as well add the Microsoft Internet 
Transfer control. 

Once you finish, you’ll find some extra 
classes in your project (CInet for the trans¬ 
fer control and the CVi deoPortal class). 
These classes provide a C++ interface to the 
ActiveX controls. You’ll also find icons in 
the tool palette that correspond to these 
classes when you’re designing any dialog, 
including the dialog that makes up the appli¬ 
cation’s main window. Obviously, you'll use 

the VideoPortal Icon 
to create the video 
capture window. 

You’ll also want to 
place an Internet 
Transfer icon on your 
dialog. The location 
doesn’t matter, 
because that control 
isn’t visible at 
runtime. 

As usual for Visual 
C++, the rest of the 
programming process 
involves connecting 
the user interface 
items to functions 
using the Class 
Wizard. Each interface 
item attaches to a 
variable. The com¬ 
mand buttons get 
their own functions. 
In addition, the 
program needs to 


execute some special commands when it 
starts (see Listing l). 

The calls to the in_camera object configure 
the Quickcam according to the SDK’s direc¬ 
tions. There are four calls: 

1. PrepareControl. Reads saved settings 
from the registry. 

2. EnableUIElements. Configures the 
elements that the control should show or 
hide. 

3. ConnectCameraS. Makes a connection to 
the camera. 

4. SetEnablePrevi ew. Turns on the preview 
window. 

When the user presses the Start button, all 
of the user interface items that set the pro¬ 
gram’s configuration options become inactive. 
The OnStart function (available In the online 
listings) calls Snap, which takes the first 
picture. Then it turns on a timer, the function 
of which is simply to call Snap repeatedly 
thereafter. 

Inside Snap 

The Snap function is where all of the real work 
occurs. A call to the m_camera object sets the 
overlay text (the time, in this case), and reads 
the picture into memory. You’ll notice that there 
are two calls to PictureToMemory. The first 
call has an empty buffer, and causes the 
camera software to fill in the picture size. The 
second call actually retrieves the picture after 
creating a large enough buffer. 

Unfortunately, the buffer now has a BMP file 
in it and we want a JPEG. The 3 pegF 1 le class 
can convert an RGB buffer into a JPEG, and even 
has methods to convert the BMP format into 
RGB. The program computes a few required 
statistics and makes several calls to transform 
the buffer format. A call to RGBta JpegFils 
finally makes the necessary conversion. 



, ^ This C++ program automatically updates a 

figure 1 
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void CWTWebCamView; 
{ 


:0nIn1t1alUpdate() 


CFonniVlew: ;0nIn1t1alUpdate(); 

GetParentFrame ()->Reca'LcLayoiit 11; 

Res1zeParentTaF1tn; 
char ttnpnarrB[512]; 
char d1rn3me[256l; 

: :6fitTempPath(s1zeof (dirname) ,d1rnanie); 

: iGetTempFUeName (dirname,"wtw",::getpid t J, tmpnameI; 
jpegName=CStr1ng(tmpname)+’'. jpg"; 

char sReg[] * '‘HKEY_LOCAL_MACHINE\\SDftwareS\WTWebCam"; 

m_camera.PrepareContrcl!"tfTWebCam", sReg, 0 ); 

in_cainera.Enat)leUIEleinents (UIELEMENT_STATUSBAR,0,TRUE1; 

m_camera.ConnectCamera2(l; 

m_camera.SetEnablePrevIew(TRUE); 

send1ng=fa'l.se; 

clQs1ng=faT.se; 


OWORC *dwordBuf = (DWORD *} (pBuffer+-2); 

1nt \ividthP1x=dWQrdBuf [4]; 
int widthBytes=widthPix*3; 

1nt he1ght=dwordBuf[B1; 

BYTE *tmp=pBuffertdwQrdBuf[3]; 

// vertical flip 

JpegFile:iVertFlipBuf(tmp, widthBytes, height); 
// force color format 

JpegFile::BQRFromRGB(tmp, widthPix, height); 


JpegFile::RGBToJpegFile ( jpegName,tmp,widthPix,height,TRUE,75 ); 
delete []pBuffer; 

// publish to Internet 

if (lUpdateData(TRUE)l return; //read boxes 
url="ftp://" + m_user + + rr_pw + "3’’ + m.host; 

COleVariant server(url); 

COleVariant cmd="PLIT " + jpegName + " " + m_rdir +"/" + 
m„rfile; 

COleVariant none; 
none . vt=VT_ERROR; 
none . scode=OISP_E_PARAHNOTFDUND; 

if (sending II closing) return; // not done with last picture 
yet 

if (m.internet.DetStillExecutingO ) return; // not sure when 
tills happens 
send1ng=TRUE; 

m_1nternet.Execute ( server,cmd,none,none) ; 
m_inf 0 . SetWi ndowText ( "Waiting ...") ; 


void (VrUebCamView:;Snap() { 
long ISize; 

m info. SetlnH ndowText ("Transmitting. . .") ; 

CTime time = CTime:iGetCurrentTimef); 

CString overlay = time.Format("SSHiSfli 5id %b %Y'’); 
m_camera.SetStanpTextColor(RGB(0,0, 255)) ; 
m_camera.SetStampFontName("Comic Sans H5"); 
m_camera.SetStampPointSize(24); 
m_camera.SetStampTextShadow(FALSEl ; 
fn_camera . SetStampTransparentBackground(TRUE ); 
if ( !m_camera.PictureToMemory(0, 24, 0, SlSize, overlay) ) 
return; // error 

BYTE * pBuffer = new BYTEElSizel; 

if ( !m_camera.PiotureTDHemory( B, 24, (long)pBuffer, &lS1ze, 
overlay) ) 

< 

delete Cl pBuffer; // delete the memory we 
allocated. .. 

1 

//pBuffer now contains a .BMP file in memory 


<HTML><HEAD> 

<TITLE>Web Techniques Web Ccml</TITLE> 
<HETA HTTP-EQUIV=REFRESH CONTENT=20> 
<BOOY BGCOLOR=cadetblue> 

<CENTER> 

<IHG SRC=cam.jpg> 

</CENTER> 

</BCDY> 

</HTML> 


Publishing 


when you’re done, you must publish the file to 
an FTP server. The Internet Transfer control 
makes this simple, but because it’s an ActiveX 
control, it’s a bit harder to use than, for exam¬ 
ple, the JpegFile class. In particular, the 
control requires you to convert strings from the 
C++ format to an ActiveX-compatible format. In 
this case, I used COleVariant to change them 
to variants—a type of variable that can hold 
many different data types, and is common in 
VB and ActiveX programs. 

Another problem is that the Execute 
method that sends an FTP command can also 
send other types of commands (such as, HTTP 
requests). That means some of the arguments 
aren’t necessary. To properly handle this, the 
program needs to make a variant that indicates 
you didn’t pass the parameter, like this: 

COleVariant none; 
none.vt=VT_ERROR; 


'none. scocle=DISP_E_ 

PARAMNOTFOUND; 

It’s not sufficient to pass it an empty string or 
a null. 

The transfer control has to perform one 
operation at a time or it will report an error. 
That’s why the code checks the sending and 
closing variables before trying to send 
another picture. The control’s callback routine 
(OnStateChangedInetl in the listings avail¬ 
able online) clears the sending variable when 
it completes the transfer and clears closing 
after it disconnects from the server. If the last 
transfer isn’t complete, the program just skips 
the current transfer. 

The program only uploads the pictu'e itself 
to your Web server. To make use of it, you’ll 
still want to wrap the image with a Web page 
that frames it and refreshes it periodically 
(see Listing 3). 


Smile! 

I’m biased towards C++. 1 learned C in the 
early 1980s, and I’ve written so much C and 
C++ code that it’s very natural to me. Even 
though many people favor Java for Internet 
programming, this program would probably 
have been difficult to write in java without 
resorting to native methods, because the 
Logitech camera's libraries don’t support java 
directly. 

Although C++ hasn’t been the language 
flavor of the month for some time, you can 
still easily borrow code from the Internet, 
find reusable components, and generally 
expect to have a pleasant experience. Don’t 
be too hasty to switch languages if you don’t 
have to. >< 


A/ is the author of many popular programming 
books, including Active Server Pages Solutions. 
Look for AJ on the Web at www.af-wi 7 lfoms.com. 
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How do you capture and process customer survey data easily and 
efficiently? The answer is Perl, of course—with help from XML. 



PROGRAMMING 

WRHPERL I Customer Feedback Processing 

ing XIVLI _ 


Randal L. 
Schwartz 


If your organization wants to provide good customer 

service, receiving feedback and responding to it in a timely 
manner is important. A Web form is a simple way to handle 
this process-but then there’s alt of that nagging stuff 
about validating the form fields, and writing the data in a 
nice clean way for later processing. 1 decided that I could 
use a table-driven, survey-form generator to handle those 
tasks, similar to the approach I took in an earlier column 
(see “Programming With Perl," August 1999). That approach 
didn’t permit me to validate the form responses: so I 
thought about how I could add some hooks to handle that 
when necessary. 

I initially planned to have my script write the survey 
forms by appending to a flat file (using proper file locking 
I so that I got clean writes). As I pondered a format in which 
to save the form fields, I realized that a simple XML struc¬ 
ture would do the job nicely. The XML encoding would 
provide the right clues as to which field went with which 
value, as well as the ability to escape special characters. 
What’s more, this would mean that standard XML tools 
could be used for data transformation and reduction. 
Conveniently, the XML::Simple module from the CPAN 
lets us construct a typical hash/array-ref tree and worry 
about the XML conversion at the last minute (if ever). I was 
quickly convinced that I’d hit pay dirt—and the result 
appears in Listing 1. 

Lines i through 3 turn on taint checking, warnings, and 
compiler restrictions, and disable buffering of standard 
output. Line 5 pulls in Lincoln Stein’s CGI. pm module, 
along with all of the included shortcuts. Line 6 enables CGI 
errors to be shown on the browser. Note that while this is 
very handy while debugging, it’s a security leak if enabled in 
production—so remember to remove it before deploying this 
code. Line 7 defines the constants we need for file locking. 

The configurable parts begin in line g. Line 11 is the loca¬ 
tion of the output file. This file needs to be writable by the 
Web server userid, unless this script is running setuid. Line 
13 begins the questions for this survey. Each element of 
olQUESTIONS is an arrayref. pointing to an array containing 
(in order): the human-readable label for the question; the 
param name; the CGI. pm shortcut to create the form field; 
an arrayref containing any optional parameters for that 
shortcut and, optionally, a coderef of a subroutine to run 
to validate this field; and a flag indicating that multiple 
; response elements for this field are permitted. I’ll discuss 
these fields in detail later. 

Line 62 displays the CGI/HTTP header and the beginning 
' of the HTML. 

Lines 64 to 95 handle any potential response. This code is 
wrapped in an eval block so that we can use a die to 


abort this part of the operation early and cleanly if needed. 
If the code executes to normal completion, then there’s 
nothing to say but thank you, which is handled in lines 
108 to no. 

otherwise, the program must have encountered an error. 
In this case, it displays the form in lines 97 to 107, anno¬ 
tated as indicated by the d1 e return value (captured in line 
96). Line 98 extracts a code prefix from the error message 
that contains the name of the field that was found to be in 
error, and stores it in the $flag variable. We’ll use this 
value to turn that row pink in the output. 

The remaining error message is displayed in line 99. It 
appears above the form, which also begins printing with 
this line. 

Lines 100 to 106 print a table to position the form 
elements. Each row consists of two cells: the label on the left, 
and the form field on the right. The rows are constructed by 
scanning through the elements of ^QUESTIONS, extracting 
the label, param name, shortcut function, and any additional 
arguments (in line 102). The row turns pink if the param 
name is equal to the flagged line (line 103). The left cell (label) 
is generated as a TH element in line 104, with an appropriate 
alignment. 

But the real fun comes in line 105, which looks decep¬ 
tively simple. The $func variable contains a coderef for a 
CGI. pm form field shortcut, such as textf 1 eld or 
pQpLip_menu. Because all of these shortcuts take a named 
argument list, including the name of the param as name, 
we can call them all the same way. We pass the param 
name for this field, followed by any additional arguments, 
by dereferencing the $opts variable. These additional argu¬ 
ments can be used to override default values for width and 
height, or to provide the items for a radio button group. 

The form is displayed on the very first invocation of this 
program, and on any subsequent invocations when Serror 
is set. The form response comes back to this same script. 

But now let’s track back to line 65, which creates a hash 
of arrayrefs, keyed by a param name. Its values are all of the 
values for that param. If there are no params provided (such 
as on the first invocation of this script), the d1 e in line 66 
aborts this upper block, and defines the introductory 
message that will be shown above the empty form, as 
described earlier. 

If we have at least some form data, then lines 68 to 77 
process that data, one field at a time. Each form question 
a'rayref is expanded into its fields: the label; param name; 
shortcut function; shortcut additional options; the coderef 
of the validator, and a “multi-value permitted” flag. 

Line 70 pulls out the param values for the param name 
given in Sname. Lines 71 and 72 reject any multi-valued 
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storing State on 
the Ciient 


by Adam Kolawa 

Because dynamic Web sites are stateless 
(i.e., they do not carry state from page to page), 
one critical decision you need to make as you 
develop your Web application is where you 
should store state information. If the information 
you are storing is not critical, you might want to 
store this information using the client. 

State can be stored on the client by using 
browser-specific caches and cookies, using 
JavaScript state variables, or embedding state 
information in the HTML itself. These methods are 
fast, hut somewhat unreliable or unpredictable, 

Browser-specific caches are dangerous for 
two reasons: they might be shared between 
users, and they vary from browser to browser. 
The behavior of browser-specific cookies also 
varies from browser to browser. If you use 
cookies on the client, you need to make sure 
they are configured properly, expire properly, 
and that your application works if the client 
doesn't support cookies (or that you make it 
clear to your users that your application requires 
cookie support). 

Storing browser-specific state variables 
using JavaScript is especially dangerous if you 
are using frames: if the frame is moved, the 
variable disappears If you store state using 
JavaScript variables, you need to be careful that 
your application stays in-sync with the server, 
and that your code does not lose information in 
the case of failure. 

If you store variables by embedding them in 
your HTML (for example, as hidden fields inside 
forms, or extra arguments added to URLs), you 
have the greatest possibility of aged variables 
being introduced to your server. As the state 
information grows, the HTML pages become 
larger, more cluttered, more confusing, and 
more prone to non-intuitive bugs. 

As you can see, storing state on the client 
can lead to unpredictable results. This is 
probably not a problem if you are storing non- 
critical state information (such as what page the 
user visited last). However, if you are storing 
critical information such as key user records, 
you probably want to store the data in the most 
secure place possible: on the server, using a file 
or database. 


ParaSoft' 

webking 

Prevent and detect errors in your 
dynamic site—automatically 


WebKing™ Is a comprehensive tool that helps 
dynamic Web site developers and testers improve 
site quality and development process efficiency. 
WebKing automatically exposes load, construction, 
functionality, presentation, content, and design 
problems on your site, Paths are created 
automatically so you can thoroughly test your 
dynamic site without writing a single script, 
WebKing also provides an infrastructure that lets 
you automatically deploy and test any back-end 
component and related output pages. This helps 
you thoroughly test programs as soon as they are 
developed so you can spot critical problems early 
and repair them before they lead to further errors. 
With WebKing. you can automatically perform the 
following testing techniques, 

Construction Testing 

Each potential path through a dynamic site might 
contain different problems, so you need to create 
and test a virtually infinite number of paths to 
thoroughly test your site's construction. Just click 
a button and WebKing automatically designs, 
traverses, and tests a wide variety of realistic 
paths through the site, These tests expose 
problems such as servlets that throw exceptions, 
CGIs that core dump, databases that crash, and 
errors that affect data input, presentation, and 
navigation; they also enforce coding standards 
which prevent errors. 

Load Testing 

WebKing’s load testing feature lets you find 
a wide range of ioad-reiated problems with 
the click of a button, WebKing automatically 
creates and traverses the requested number 
and type of paths through the site, then 
reports where user traffic could cause 
functionality problems, bottlenecks, and 
program failures, Load-related problems 
are often a symptom of critical 
algorithmic problems; if you use J 

WebKing to start load testing early 
in the development cycle, you can 
spot these algorithmic problems 
immediately and prevent them from 
creating additional problems. 


Functionality Testing 

You can also perform two types of functionality 
testing with WePKing. First, you can check whether 
critical paths through your site contain errors. Just 
specify the functionality you want WebKing to test by 
extending the automatically-generated set of inputs 
and paths, then WebKing will create and test that 
functionality. Second, you can test whether 
appropriate pages contain specific content and 
design elements (such as buttons, text, images, etc.) 
by having WebKing automatically create and enforce 
rules that check for the presence of these elements. 
These rules describe elements in such a way that 
intentional changes (like a calendar that highlights a 
different date on a daily basis) are not falsely 
reported as errors. 

Regression Testing 

You can maintain your site's integrity by performing 
automatic regression testing. WebKing saves your 
test cases so every time you modify your site, you 
can verify that it’s still correct by clicking a button. 
Or, you can integrate batch mode WebKing into your 
nightly builds to ensure that new errors are found 
and fixed immediately, 
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PROGRAMMING WITH PERL ^ ,- 


XWWWWWWWWWWWWWWXW’^^ 




# 1/lisr/bi n/penl -Tw 
use strict; 

$l++; 

use CGI qw( ; 

use CGI::Carp qwlfatalsToBnowserl; 

use FcntT. flock'; # import LDCK_* constants 

## CONFIG 

my $DATAFILE = 8.quot;/home/merlyn/Web/custDmer_survey-clataaquot;; 
my qBUESTIONS = 


51 

52 

53 
5A 

65 

5G 

57 

58 

59 

60 
61 
62 


27 


50 


['Name [optional)’, ’name', \&amp;text field, tqwLsize 60)]], 
['Email (optional)', 'email', \&amp;text field, [qwlsize 60)], 
sub { die &quot;Please include a full email addressISn&quot; 
if /\S/ and not /^^Q/ >, 

[ ' Product ' , ' product ’, \&amp ; popup_menu , 

[values =4gt; ['Please Choose One', 'thx-1138', 'hal 9000']], 
sub {die Siquot; Please choose a product !\n&quDt; 
if /choose/i >, 

1 , 

['Model (if applicable)', 'model', \&amp;text field, 

[qw(size 3B)]], 

['Overall impression' , 'overall', \&amp ; popup_menu , 

[values s&gt; ['Please Choose One', 
qw(Excellent Good Fair Poor)11, 
sub { die Squot;Please choose an impression!\n&quDt; 
if /choose/i ), 

['Reason for product choice (choose all that are applicable)', 
' chose_because’, # referenced below 

\&amp;chBCk box_group, 

[values ^gt; [qw(Price Salesman Quality Performance 
Reliability Other)], 
cols =&gt; 1], 
undef, 1 
], 

[’Other reason for product choice (if applicable)', 
'chDse_because_other ', 

\Siamp;tBxt area, [qwirows 2 columns 60)1, 
sub ( 

die Squot;Please give your other reason..An&quot; 
if not AS/ 

and grep /other/i, atshift-Sgt;(chose.because) ) ; 

), 

], 

['Quality', 'quality', \S<amp;radio_grDup, 

[values *&gt; ['Please Choose One', 
qwtExcellent Good Fair Poor)}, 
cols =&gt; 1, 

], 

sub [ die &quot;Please choose a quality !\n&quot; 

if /choose/i > , 

h 

['Area of use (choose all that apply)', 

'area', \8iamp;scrolling_list, 

[values =&gt: ['Please Choose One Or More', 
qwdiome School Office)], 


multiple =aigt; 'true', 

1 , 

sub {die 8.quot;Please choose an area!\n&quot; 
unless grep l/choose/i, S$_ >, 

1 . 

['Cotrments', ' coimients’, \&amp;text area, 

[qw(rows 10 columns 50)]], 

i; 

## END CONFIG 

print header, start_html(B,quot;Customer Survey&quot;), 
hl(8.quot;Customer Survey&quot;); 

eval { 

my ^results = map { $_ =&gt; [param($_)] ) param; 

die &quot;Please fill out this form...Nn&quot; unless %results; 

for (SQUESTIONS) { 

my ($label, $name, $func, $opts, $validator, $multi) = a)$_; 

my 5)values = □){$result5{$name} 11 []); 

die 8(quot;\n$name\nToD many values, try again..An&quot; 

if Values &gt; 1 and not $multi; 
next unless $validator and ref Ivalidator eq &quot;CODE&quot;; 
local $_ = $mult1 ? ScDvalues : $values[0]; 
eval { $validatar-&gt; (NSinesults) ); 
die &quot;\n$name\n$cL^uot; If $31; 

) 

## made it past the errors, so save it 
eval { 

## so that these don’t trigger outer error 
require XML: :Simple; 

my $out = XML; :S1mple: :XMLout(\5{results); 
open OUT, &quot;&gt;&gt;$DATAFILE&quot; or 

die &quat;Cannot append to $0ATAFILE: $!&quot;; 
flock OUT, LGCK.EX; 
print OUT $out; 

close OUT; # and release lock 

## DEBUG 

print table({border =&gt; 11, Tr(td(prB(escapeHTML($outl)))); 


}; 

print STDERR $3) if 


# if that last thing errored 


); 

my Serror = $3l; 
if (Serrcr) { 

my $fUg = ($error =- s/'"\n(\S+)\n//) 7 $1 : &quot;&quot;; 
print p($eprar), start_form; 
print table({border “&gt; 0, colspacing ^gt; 0, 
oolpadding =&gt; 2), 
map ( 

my($label, $name, $func, $Dpts) = 5)$_; 

Tr(($name eq $flag ? (bgcolor =&gt; '#ffcccc') : Ol, 
th((align s&gt; 'right', valign =^gt; 'top'), $label), 
td($func-&gt;(-name =&gt; $name, aSopts))); 

} aOUESTIDNS); 

print submit, end_form; 

} else { 

print p(&quot;Thank youl&quot;); 

) 

print end_html; 


parameter that hasn’t been permitted to be 
multi-valued. If this ever occurred, it would 
probably be because someone faked a form 
submission, rather than the result of a normal 
operation. 

After determining that a single-valued 
parameter isn’t somehow multivalued, the 
next step is to verify the presence of a specific 
validator in line 73. If this validator isn’t pres¬ 
ent, then the field is presumed valid no matter 
what value has been provided. 

Line 74 sets up a temporary value for the $_ 
variable. It will be either a scalar containing the 
field value, or a reference to the list of field 
values if a multi-valued parameter is permit¬ 
ted. 1 found it easier to have the validators 
execute regular expressions against a regional 


$_ value, rather than always having to shift 51 _ 
or access $_[ 0 ]. Line 75 executes the validator, 
passing it a reference to the %results hash 
on those rare occasions when the validity of 
one field depends on the state of another. 

If the validator runs to completion, then $51 
will be detected as being unset in line 76, and 
the program will go on to the next field. 
However, if the validator dies, the error string 
is prepended with the name of the current 
field, bracketed by new lines. The form print¬ 
ing field will then recognize this as the field 
name of the line to be flagged in pink. 

If we run all of the validators and everything 
looks good, we continue on down to line 81, 
which begins another inner eval block, this 
time just to catch any unforeseen errors. 


The next block of code dumps the data as XML 
to a logfile. Line 83 pulls in the XML:: Simple 
module (found in the CPAN). We don’t do this on 
every hit, because it’s an unnecessary expense 
on those invocations that don’t involve XML 

Line 84 converts the %results hash into a 
valid XML text stream. Lines 85 through 88 
append the text stream to the $DATAFILE 
file, locking the file for exclusive access during 
the write. 

For debugging purposes, in line 91 I also 
encoded the XML for HTML display, wrapped it 
in a pre shortcut, and put it in a nice, boxed 
single-cell table. This was great while testing, 
to ensure that the resulting XML for a particu¬ 
lar form was valid and parsable. Obviously, a 
production program wouldn’t do this. 
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Line 93 takes any (unexpected) error result¬ 
ing from the eval block in lines 8i to 92 and 
dumps it to STDERR, as if the eval block 
weren’t there. 

That wraps up the main logic of the 
program, but much of this program resides in 
the olQUESTIONS data strurture, so lets go back 
and examine that in more detail. 

The first field in line 15 is a simple text field 
called name with an appropriate label and 
optional parameters specifying an on-screen 
size of 60. The resulting construct acts as if we 
had directly invoked: text field (-name => 
'name', size => 60 ); to generate the text 
field. 

Lines 16 to 19 set up the second field (called 
email), also a text field with a size of 60. I’ve 
also included a validation subroutine. When 
the form is submitted, the value of the form 
field appears in $_ (which can never be an 
arrayref, because we haven’t enabled this as a 
multivalue field). Thus, the two regular expres¬ 
sions in line 18 that examine $_ are testing the 
proper data. (For simplicity, I decided that a 
non-blank email field that didn’t contain an ol 
isn’t a valid email address.) If the test fails, the 
d1 e aborts this check, as well as the overall 


validation pass, causing this form row to be 
highlighted in pink upon resubmission. 

Lines 20 to 23 create a pop-up menu. The 
values are given in line 21, which also sets 
the default to the first item. On form submis¬ 
sion, we ensure that the default wasn’t sel¬ 
ected (meaning that the form wasn’t properly 
completed). 

Line 24 is another simple text field with a 
different width just to show some variety. Lines 
25 to 28 create another pop-up menu. 

Lines 29 to 42 form two related fields. First, 
we have a check box group that can return 
multiple values selected simultaneously 
(flagged as the 1 in line 34). These are organ¬ 
ized into a single column (line 33). Next, if the 
check box item for Other is selected, we have 
a text field for the customer to fill out as to the 
precise nature of “other." 

There’s no validation for the check box 
group; however, we need to ensure that there’s 
some data in the “other” description if Other 
is picked. This is handled in lines 38 to 41. We 
use the first (and only) parameter passed to the 
subroutine, which is a reference to the entire 
SSresults hash. Digging through there, if we 
see that Other is chosen for the check box 


group above, then we need to also have a non¬ 
empty value for this text area, or else fail. Most 
fields won’t have such a strong coupling: this is 
the exception. If you have ideas for a cleaner 
and yet flexible interface, let me know. 

I include a radio group for the field defined 
in lines 43 to 48, and a scrolling list in lines 49 
to 56. The scrolling list defaults to the first 
item, including the word Choose. The valida¬ 
tion subroutine in line 54 ensures that this 
isn’t one of the actual chosen items, meaning 
the customer didn’t even look at this field (or 
else had reset it). And finally, line 57 defines a 
plain textarea. 

And there you have it: a fairly generic 
survey form that validates the various form 
fields in a table-driven manner, coupled with 
an XML output module so we’ll be able to 
transform or summarize the data using a wide 
array of XML processing tools. Now there’s no 
excuse for you not to get customer feedback. 
Until next time, enjoy! >< 

Randal (merlyn 0 stonehenge.com) has coau~ 
thored the must-have stondords Programming 
Perl, Learning Perl, and Effective Perl 
Programming. 
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Ray Argus 



Ideally, data-driven Web sites shouid ietyou separate content from 

presentation. Authors should create content without regard to how it 
will be displayed, letting designers manage the actual appearance of the 
page elements. But what happens when anyone with access to your site 
can create content? 

Recently, a client asked me to build a classified ad system using PHP. 
The system needed to let users place their own ads online. But because 
that invites spam and other mischief, an administrator would have to 
approve the ads (after possibly processing a credit card for payment). 

The system I devised can integrate with the PHP shopping cart that 
appeared in the November 2000 Web Techniques “Script Junkie" column I 
wrote with Jerid Freeland. 

What’s In an Ad? 

To represent an ad, I created a database table. Each row contains one ad. 
Here are the fields: 

• catld. The category ID {each ad is. of course, in a classification). 

• adid. A unique ID for the ad (an auto increment or identity field). 

• exp. The expiration date and time of the ad, 

• title. The ad’s title. 

• text. The main text of the ad (as a blob field). 

• response. The advertiser’s email address. 

• graphi curl. An optional image to post with the ad, 

• posted. The posted time and date. 

• active. Set to 1 tf the ad is approved for display. 

In addition to the ads, I also created a table for categories of ads. This 
way it would be easy to add and change categories just by modifying 
the database. 

There are only a few basic operations necessary for managing the ad 
database. Of course, I wanted to be able to display an ad. I also needed 
to delete, insert, and approve ads. And I needed a way to pay for ads and 
search the ads for a keyword. 

One classic problem with inserting records into a multiuser database 
like this one is generating a unique value for fields like adid. This is 


such a common problem that most databases supply some way of 
dealing with it. 

Also, while letting the database assign the ID number is handy, it 
leads to another problem; How do you determine the ID of the record 
you just inserted? 

The add.php file, shown in Listing 1, contains the code to insert a new 
ad. Notice that all of the database-specific calls and information appear 
in a different file (db.inc). This lets you swap the database you want to 
use merely by changing that one file. Other Include files used in this 
(and most other) pages set some common values (common.inc) and 
the appearance of the top portion of each page (head.inc). You can find 
all of these listings online. Using a common include file for things like 
the page header is a great way to enforce consistency among the differ¬ 
ent pages in an application. 

An interesting feature in the add.php form is the pop-up help for each 
field. Each field has a help link that uses some JavaScript to start the file 
help.php. An argument in the query string lets this file display the 
correct help message. You could improve this help feature by rewriting it 
so that it reads the help text from another database table, making it 
much easier to change the help content. 

The add.php script displays a form for the user to enter his or her ad. 

It then submits the data back to the same page and, if there are no 
errors, places it in the database. Once this is done, the script needs to 
show the user a preview. 

Showing Ads 

of course, this preview page is only one place where you want to display 
an ad. Because I’m thinking about code reuse throughout my project, 
this calls for another include file (show.inc). The main function I’ll keep 
in this include, showad, takes an array containing an ad’s fields and 
displays it. As every part of the application uses this function, changing 
showad changes the appearance of every ad, every time. The other func¬ 
tion in show.inc converts quotes, tabs, and newlines into the appropri¬ 
ate HTML character codes. 

The preview simply displays one ad. However, when browsing or 
searching ads, you’ll need to show multiple ads from the database at 
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99 O 


Internet/Web Site Management 

01 □ Internet VP/Director/Ceneral 
Manager 

02 □ InternetAAeb Site Manager 
03 □ Webmaster 

04 □ Web Site Content Developer 
05 □ Web Site Designer 

IS/IT Professionals 

20 □ CTO/ClOA/P Information Systems 

21 □ IS/IT Director/Manager 

22 □ Database Manager/Aciministrator 

23 n Network^elecommunications 

Manager 

24 □ Systems Manager 

25 □ Director/Manager Software 

Development 

26 □ Analyst 

27 □ Programmer 


Corporate Management 

40 □ CEO/President/Partner/Directnr/Owmer 

41 □ CFO 

42 □ COO/EVP 

43 □ Systems Integration Consultant 

44 □ Internet Business Consultant 

Business Unit/Department Management 

60 □ Marketing 

61 □ Sales 

bin Finance/Accounting 

63 n Human Resources 

64 □ Product Development/R&D 

09 □ Other (Please specify) 


4. What is the primary business of your organization? (Select only one) 


InternetAVeb Industry 

01 □ ISP/internet Service Provider 

02 □ Weh Hosting Service 

03 □ Web site Design 

04 □ InternetA'Veb Consultant 

05 □ Internet Hardware Manufacturer 

06 □ Internet Softw-are 

Developer/Publisher 
19 □ Other (please specify) 


High Technology Industry 

20 □ Software Developer/Pubiisher 

21 □ Hardw'are Manufacturer 

22 □ Network Equipment Manufacturer 

23 □ Telecommunications 

24 □ Cable/Satellite Service Provider 

25 □ Consultant 


General Industry 

40 □ Media(Broadca5t/Publishing/ 

Enterta i nmenCAd vert i sing) 

41 □ Manufacturer (other than computer) 

42 □ Finance/Banking/Accounting 

43 □ Insurance/Legal Services/Real Estate 

44 □ Government (federal/state/local/ 

military) 

45 □ Health Care 

46 □ Wholesale/Retail Trade 

47 □ Transportation 

48 □ Education 

49 □ Utilities 

50 □ Hospitality/Travel 

79 □ Other (please specify) 


fj. In what ways are you engaged in developing and/or managing Internet 
sites? (Select all that apply) 

01 □ Database Integration 
02 □ Design Graphics 
03 O Develop Content 
04 □ Direct my Organization's Internet 
Operations 
05 □ Manage Access 
06 □ Manage Data Communications 
07 □ Manage Hardware/Software 
08 □ Manage Site Configuration/System 
09 □ Manage System Security 

7. How many Internet sites (Internets, Intranets, Extranets) are you 
involved in developing and or managing? (Select only one) 

01 □ 1-2 sites 02 O 3-9 sites 03 □ 10-24 sites 04 □ 25-49 sites 05 □ 50 or more sites 


10 □ Manage Network 

11 □ Manage Outside Web 

Prov ider/Consu I ta nt 

12 □ Production/HTML Conversion 
1 3 □ Programming 

14 0 Provide MarketingfBusiness Strategy 
99 □ Other (Please specify) 


8. Which of the following types of web sites is your organization (or your 
consulting clients') deploying? [Select all that apply) 

01 □ Internet - consumer Web site for public business-to-consumer purposes 

02 □ Internet - business Web site for public business-to-liusiness purposes 

03 □ Intranet Web site for internal company communications 

04 □ Extranet Web site for communications among conipany 

and its suppliers/clients 

09 □ None of the above 


9. What is the dollar volume your organization (or your consulting clients' 
combined) will spend in the following categories for Internet/Web site 
implementation in the next twelve months? 

(Select one amount for each category) 



Internet 

Internet 

Internet' 

Interrret 


Infrastructure 

Computers & 

Internet Enabled 

Acces^'Hosting 


Equipment 

Server Hardware 

Software 

Services 

Over SIO Million 

08 0 

28 0 

48 □ 

68 □ 

$5 Million - $9.9 Million 

07 C 

27 0 

47 □ 

67 0 

$2.5 Million - $4.9 Million 

06 □ 

26 □ 

46 n 

66 □ 

$1 Million - $2.4 Million 

05 □ 

25 □ 

45 □ 

65 D 

$500,000 - $999,999 

04 0 

24 0 

44 0 

64 O 

$100,000-$499,999 

03 □ 

23 0 

43 0 

63 □ 

$50,000 - $99,999 

02 □ 

22 □ 

42 □ 

62 □ 

less than $50,000 

01 □ 

21 □ 

41 □ 

61 □ 


26 □ VAR 

27 □ Systems Integrator 

39 □ Other (please specify) 


Continued on back ► 























10. How many people are employed in your organization (or your consulting 


clients' combined)? 

At voyr location 

Company-wnip 

More than 20,000 Employees 

07 0 

27 0 

10,000 - 19,999 Employees 

06 0 

26 □ 

5,000 - 9,999 Employees 

05 □ 

25 0 

1,000 - 4,999 Employees 

04 0 

24 0 

500 - 999 Employees 

03 □ 

23 0 

100 - 499 Employees 

02 □ 

22 □ 

Less than 100 Employees 

01 □ 

21 □ 


It. Do you work tor or provide a service to a Fortune 1000 company? 

01 □ Yes 02 □ No 


12. Please inditate which of the following describes your functional 
involvement in your organization's acquisition of Internet products 
and services. 

(Select all that apply) 

01 □ Determine Needs 

02 □ Provide Teclinical Evaluation or Specifications 
03 □ RecommentI Purchase 
04 □ Specify/Select Products, Brands or Vendors 
05 □ Authorize/Approve Purchases 
06 □ Set Business Goals, Direction, Budget or Standards 
07 □ Initiate Purchase 
99 □ No Involvement 

13. What is the highest level for which vou determine the need, evaluate, recom¬ 
mend, specify, buy or approve Internet hardware, software or access services 
for your organization's (or your consulting clients') Web site/s? 

(Select only one) 

01 □ Several Different 03 □ Several Divisions or 05 □ Department 

Companies Sites 06 G Workgroup 

02 □ Entire Company 04 □ Several Departments 07 □ Myself 


7_LQld_here 


PLEASE MAKE SURE YOU'VE: 

• Signed and dated the form 

• Filled out the form completely 

• Applied postage 


DO NOT STAPLE — PLEASE TAPE 






PO BOX 
SKOKIE 



1246 

IL 60076-8246 




PLACE 

STAMP 

HERE 




14. Which of the following products and services do you yourself determine 
the need for, evaluate, recommend, specify, buy or approve for your 
organization’s (or your consulting clients') Web site/s? (Select all that apply) 


nternetAVeb Software 

)1 □ Advertising Server Software 
)2 □ Croupv^ are/Codaboration 
)3 □ Database Integration 
)4 C Electronic Commerce 
)5 □ Graphic Design 
)6 □ HTML Authoring 
)7 □ Application Development Tools 
□ Push/Netcasting Technologies 
19 □ Scripting Language 
0 □ Searching/Indexing 

1 □ Security/Firewalls 

2 □ Site Management 

3 □ Statistical Site Analysis 

4 □ Stream!ng^Multimedia 

5 □ 3D Authoring 

6 □ Web Browsers 

7 □ Web Content 

8 □ Encryption 

9 □ Web Server Software 

29 □ Other InternetA^^eb Software 
(please specify)_ 


Other Software 

80 □ Operating Systems 

81 □ LAN 

82 □ Application Servers 

83 □ Application Development Tools 

84 □ E-mail Servers/Clients 

85 □ Database Servers/Clients 

89 □ Other Software (please specify) 


Computer Hardware 

30 □ Server Hardware 

31 □ Workstations 

32 □ UNIX Computers 

33 □ MAC Computers 

34 □ Network Computers 

35 □ PC Computers 

36 □ Monitors 

37 □ Modems 

38 □ Bridges/Routers/Cateways/Hubs 

39 □ Digital Imaging 

40 □ Storage/Ddta Warehousing 

41 □ Uninterruptible Power Supplies 


59 □ Other Hardware (Please specify) 


Services 

60 □ Web Hosting Services 

61 □ Web Design/Development 

Consulting 

62 □ Electronic Commerce Payment 

Services 

63 0 Rented ApplicationVASPs 

69 □ Other Services (please specify) 


Internet Access 

70 □ ISDN Services 


A FOLD HERE A 

71 □ Dedicated Leased Lines 

72 □ Fractional T-l/T-1 Services 

73 □ T-3 Services 

74 □ Cable internet Access 

Services ( CATV) 

75 □ DSL 

76 □ Wireless Remote Access Services 

77 □ Satellite Access Services 

78 □ Other Services (please specity) 


99 □ None of the above 


15. Please check this box if you wish to be notified via email about 
products or services that may be of interest to you. 

01 □ 


*Fublfsher reserves fhe right to determine quafifrcation tor FREE subscriptions 

























once. You can match these steps to the code in show.php; 

• Issue a query against the ads table; 

• use fetch_array to obtain a single result row; 

• call showad to display the ad; 

• repeat until there are no more rows. 

You probably don’t want to display dozens or hundreds of ads on a 
single page. Controlling the number of results returned is another oper¬ 
ation that depends on which database you’re using. 

Another option is to simply skip the number of rows required to 
reach the first record of the page, even though this isn't nearly as effi¬ 
cient. The $can_use_l1m1t variable in db.inc tells the code whether it 
should skip to the start of the data so the code can operate efficiently 
when possible. 

Now that the ads can be broken up into multiple pages, I must 
provide a way to navigate forward and backward in the list. I know the 
result set will only contain the number of rows I ask for or fewer. If 
the query returns fewer rows than I asked for, then I know that no 
more rows are coming, and this is the last page I’ll need to display. 

It can be hard to determine whether you’ve exhausted the list, 
however, if the number of ads is evenly divisible by the page size. In 
other words; If you’re showing five ads per page, and there are 20 ads 
in the database, how can you tell which is the last page, as each page 
contains the same number of ads? 

My solution was to request one more record than i actually plan to 
display. Then it’s simple to tell whether show.php is displaying the last 
page, because the total number of records returned will be one less than 
the requested number. The ODBC version, of course, doesn’t really fetch 
a small set of data, but you can use the same technique. If you expect a 
lot of ads, you might want to use a database-specific technique to limit 
the result set, as I did with MySQL 

Database Divergence 

Although SQL is supposed to be a standard, actual implementations 
vary wildly between databases. This project uses some complex queries, 
so I decided to wrap all of the database code in a single include file. 

Even the queries (which could be stored procedures) are in the include 
file-that way I could rewrite the queries to match whatever database is 
in use. However, most of them contain PHP variables, and that can be a 
problem. Suppose I wrote this query in the db.inc file: 

$myquery = "select * from ads where ad1d=$adid"; 
then later 1 executed this PHP code: 

$ad1d=l00; 

$result=query($myquery); 

This won’t work. Written this way, the value of $adi d must be set 
before the assignment to Smyquery (which isn’t practical). The answer 
is to delay evaluation of the query until you’re ready to execute it. 

Here’s the correct way to write the query: 

Smyquery = "select * from ads where ad1d=\$ad1d"; 

By escaping the dollar sign here, the variable $ad1 d won’t be evalu¬ 
ated until the query function is executed, at which time it will plug in 


the correct value. Note that this way, you either have to pass $adnd 
to query or make it global. (I chose to make it global.) Here’s a snippet 
from the query function: 

function query($s) { 

// eval $s for variables 
global $ad1d,.... 
eval("\$s=\"$s\";"); 

There are only five functions in db.inc that might require a new 
implementation when changing to another database: 

■ query. Perform a query, 

■ f etch_array. Put the next row into an array. 

■ 1nsErt_1d. Find the last inserted ID field. 

• show_date. Format a date field. 

* get_tDdaystr1 ng. Get a string for today’s date with an optional 
offset in days. 

You also have to define $can_use_l1mit (as mentioned earlier) and 
a format for dates ($db_datefmt). There are 10 different queries 
defined, although many of them are simple enough that they shouldn’t 
require changes for a different database. 

PayniEnt and Approval 

If the user approves the ad after watching the preview, the common.inc 
file can be configured to either allow the ad at no charge, or link to the 
shopping cart. If payment is necessary, the file pay.php presents a form 
with price choices, which jumps to the cart. 

In either case, the ad doesn’t appear until an administrator uses 
the approval form to authorize the ad to appear (this sets the active 
field). This form has rudimentary password protection—you must 
provide a query string of pw=babCDm5 or the page simply redirects 
back to the index. 

The only problem with interfacing with the shopping cart is that the 
original cart required a single item code to refer to a single item. I have 
made a few very simple changes to the cart so that it ignores any part 
of the item code that follows a colon. This means that you can create a 
product code like classad30 and then refer to ad number loo as 
classacl30:100. By examining the entire code on the invoice, the 
administrator can distinguish between different ads. 

Consistency 

The point of separating content from presentation is to ensure a pleas¬ 
ing and consistent presentation. The PHP include files make this very 
simple. Every page uses head.inc to set its top banner. Any time the 
application displays an ad, it does so via showad (in show.inc). The navi¬ 
gation bar is in navtable.inc. To change any of the elements, you only 
change a single file. 

Be sure to check out all of the listings for this article online at 
(www.webtechniques.eom/sourcecode/200i/n). PHP’s database agility 
and powerful features (like the eval function) make it ideal for this 
type of application. Even if you aren’t interested in advertising, you 
can apply the techniques in this application to any database-driven 
Web site. >< 

Roy is a Houston-area consultant specializing in e-commerce oppl/cotions. 
You can contact him at rayargus(a)houston.rr.com. 
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JClass Enterprise^ 
Suite 5.0 

Sitraka 

www.sitr3ka.com 

$2499 (with source: $4999) 


\\\\\\\\ 


Showing Off Your Data 

when it comes to selecting JavaBeans for 

building great business application interfaces, 
JClass from Sitraka (formerly KL Group) has 
always been a solid option. In the latest 
release of JClass Enterprise Suite 5.0, Sitraka 
has brought the suite up to date with 
the latest Java 2 development kit and has 
added some significant optimizations and 
new features. 

The JClass Enterprise Suite is most useful 
for data-bound applications. Although it’s 
possible to use individual components with¬ 
out data bindings—in fact, the improved XML 
support throughout the suite makes this 
faster and easier than before—you’ll get the 
most mileage out of JClass when you use it in 
concert with a database. You can use any 
JDBC data source, or estabiish your own 
programmatically. 

Data binding is best managed through the 
aptly named Data Bean. This handles all low- 
level driver detaiis and query setup (including 
the ability to easily join multiple tables), and it 
interfaces to other data-aware components. 
These components can include one of the 
many data-aware JClass controls, standard 
Swing-based Beans, or of course. Beans you 
develop yourself. 

After configuring the data source-which you 
can do at runtime or, preferably, at design time 
using the Data Bean’s extensive customizers— 
you typicaliy set up database navigation. To do 
this, you use a combination of two things: a 
Tree Data Bean that can display master-detail 
relationships in a hierarchical format, and one 
or more Data Navigator Beans that let you 
navigate between records at any level in the 
hierarchy. 

You then use the JClass field controls collec¬ 
tion to display individual record data. This 
collection supports the usual data validation 
and masking operations for all of its members, 
including combo boxes and data-specific widg¬ 
ets like spin fields and date pop-ups. These 
controls also offer auto-complete, and they 
automatically highlight invalid entries. 


For more advanced data entry and retrieval, 
you can use the JClass HiGrid. This highly 
configurable, extensible control lets you create 
a hierarchical view of your data, showing 
multiple records from multiple data sources at 
the same time, and using as many levels as you 
want. It’s extremely easy to let end users edit, 
sort, copy, and paste data. Custom functional¬ 
ity is simple to add as well. 

You can display data that’s best represented 
visually using the JClass 2D and 3D chart con¬ 
trols, which are also fully data-enabled. We’ll 
take a more in-depth look at these later. 

Keeping It Together 

Designing complex record views is easy with 
the LiveTable control. It acts as both a layout 
manager—supporting preset and custom cell 
editing and dispiay behavior for all types of 
data—and it ensures that all embedded con¬ 
trols are updated when a different record is 
selected. 

Because cells can contain just about any 
Java component, and you can implement 
custom rendering routines as well, LiveTable 
isn’t limited to simple text data representa¬ 
tions. Adding “exotic” elements like HTML or 
pictures is straightforward. 

Of course, no application can get away with 
only having a fancy onscreen presentation. 
Printed results also need to look good. LiveTable 
comes with pretty good printing support, but 
for more complex output, JClass includes the 
PageLayout control. 

Geared toward reporting, PageLayout makes 
it easy to add paginated, formatted text and 
image output to your applications. You can 
send output to any available printer, view it on¬ 
screen, or export it to a PCL, PostScript, or PDF 
file. PageLayout provides special support for 
tables, and for mathematical and statistical 
formulas. 

In addition to the data-bound controls, 
JClass also contains a wealth of utility Beans 
that can help you get your application just 
right. The Elements collection offers visual 
and non-visual components, ranging from an 
HTML control, a font chooser, assorted gauge 
controls and a wizard creator to thread safety 
utilities, a string tokenizer, and a debug 
helper module. 

Also worth mentioning is the standalone 
JarMaster utility. This utility packages your 
application, along with only those classes it 
requires, in a single JAR or ZIP file, creating a 
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Some components 

flexible and extensh 
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ble programming 
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interface: decent 

sample code. 

performance. 



fully functional package that’s quick to 
download. 


Beautiful Charts 

Graphing Beans are the most visually impres¬ 
sive components that ship with JClass. In addi¬ 
tion to most 2D charts, JClass 5.0 also lets you 
make 3D graphs. Although they’re not particu¬ 
larly lightweight in runtime requirements— 

3D charts won’t work without OpenGL and 
JavaBD libraries on the target system—the 
results are aesthetically pleasing enough to be 
worth it. 

Possible chart configurations include 
mesh, surface, contour, and zone drawings. 
You can easily customize most aspects of the 
chart programmatically. If you choose to 
enable 3D graphing, end-users can control 
features like panning, zooming, and rotating 
at runtime. 

I had some initial trouble getting the 
JClass 3D chart to work correctly in JBuilder 5. 
The Java3D and OpenGL technologies that 
this component uses are so cutting-edge that 
most IDEs won’t be able to host JClass 3D 
correctly. Fortunately, Sitraka also includes a 
separate version that uses regular bitmaps, 
so IDE users can at least use 3D charts until 
their environments catch up with the tech¬ 
nology. This workaround isn’t as cool as the 
full-fledged version, nor does it offer the 
same performance. 

All in all, the JClass Enterprise suite is a 
remarkably complete product. It should signifi¬ 
cantly reduce the amount of time necessary to 
produce an application with a good-looking 
interface and enough power to rise to the 
expectations that those pretty pictures raise. 

-Michief de Bruijn 

Michiel lives in Rotterdam, the Netherlands. He is 
0 networking and development specialist for an 
international media group. Michiel welcomes 
questions and comments. You can reach him at 
mdbfa)x42.net. 
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Primalscript 2.2 

Sapien Technologies 
www.sapien.com 

$149 by download or $199 on CD-ROM 


A Smart Code Editor for 
Windows 

Primalscript 2.1 is a first-class code editor that 

has many elements of a developer’s environ¬ 
ment. The software is full of features you’ll find 
useful when you need a tool that’s more upscale 
than Notepad, but not as cumbersome or expen¬ 
sive as Microsoft Visual Studio or Macromedia 
Dreamweaver UltraDev. The designers have 
added many features that boost productivity 
without getting in your way. The editor supports 
more than 25 programming languages, ranging 
from ASP.net to REXX and XML 

Full Editing Control 

Primalscript is a tool for those who write or 
tweak code by typing or pasting it in line-by- 
line. Unlike the fancy GUI environments where 
the software writes the code, with Primalscript 
you control of what goes into the script and 
how it looks. When you make a quick change 
to a batch file, you want an editor that doesn’t 
try to reformat line breaks. Primalscript knows 
better than to mess with the code without 
permission. 

That said, the product offers a lot of support 
for efficient coding. For example, as soon as 
you start typing a script, the syntax coloring 
feature distinguishes keywords, attributes, and 
values for a better view of the code. 

Another excellent default feature is the line¬ 
numbering along the left border. You can 
switch it off, but it’s key for debugging. 

And, unlike Notepad, Primalscript lets you 
drag code from one area and drop it into 
another. How many times have you been edit¬ 
ing a line deep into a long script and needed to 
check a variable name you used much earlier in 
the code? Primalscript tracks your last edit 
position so you don’t lose your place. Hit Ctrl-E 
to jump right back to where you were working. 
If you’re working in several areas of the script 
at once, you can set bookmarks and then step 
through them using F2. 


Other convenience features include tools to 
switch the case of selected text, and convert 
spaces into tabs or vice versa. 

You know you’re getting a higher-end editor 
when you find code completion. PrimalSense is 
similar to Microsoft’s IntelliSense and supports 
HTML, VBScript, JScript, ASP, ActionScript, and 
PHP. (Support for Cft is planned, pending the 
■Net release.) For example, while editing an 
HTML document, you start a new tag by typing 
<, and up pops a range of possible tags from 
<!DOCTYPE> to <XMP>. Select the tag, press the 
Tab key to insert it, and then move on to add 
attributes. Here’s another example: In 
JavaScript, start typing a line such as a=Math. 
Up pops PrimalSense to help you choose from 
the Math object's properties and functions. 

Windows Scripting Host 

Primalscript is especially strong in its support for 
the latest version of Windows Scripting Host 
(WSH). WSH is commonly used for batch files, 
manipulating MS Office documents, and 
automating system administration tasks like 
adding new users to the domain. WSH is becom¬ 
ing increasingly sophisticated as it moves 
toward the .Net world. Inside Primalscript you 
can run, debug, register, and sign your WSH 
scripts and components. 

Also an Environment 

Primalscript acts as a project-oriented environ¬ 
ment and shell. The company calls this the Nexus. 

In the Nexus, there are tabs for configuring 
the workspace, using the file system, obtaining 
documentation, organizing frequently-used 
programs, storing snippets, and viewing COM 
objects. While the workspace-oriented approach 
is a good idea, some of the implementation 
could be better. For example, adding a new file to 
your project is an annoying multiple-step proce¬ 
dure when it should be effortless. To add a new 
file, you click on File, then New, and select a 
language template. When you save your file, it 
doesn’t automatically appear in your workspace. 
You must right-click and navigate through the 
file system again to manually add the file. At the 
very least, the software should offer to add each 
new file to the workspace. 

If you’re developing Web-oriented scripts, 
there's a good chance that you need to copy 
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Pnmalscnpt is especially strong 

in its support for the latest version of 
Windows Scripting Host (WSH). 


your files to the server. The built-in FTP 
upload/download capability is easy to config¬ 
ure and works well. Unfortunately, the 
Workspace Nexus doesn’t let you select multi¬ 
ple files to transfer. To upload, you can choose 
to send all files with the Publish command or 
with the single-file Upload command. 

Although Primalscript doesn’t offer full code 
completion for all registered COM objects, it 
does provide it for specific languages. It also 
offers the next best thing: The Type Library 
Browser tab acts as an integrated Object Brow¬ 
ser for viewing the properties and methods of 
components on your system. Another tab, the 
Tools Nexus, helps you organize the tools that 
you use frequently. You can add shortcuts to 
programs from within the environment. The 
Snippets tab includes many default structures 
for supported languages. For example, if you 
expand the JavaScript node, you can drag a 
ready-made swi tch/case statement to your 
page. You can also add and edit your own snip¬ 
pets. Along the same lines, there’s a macro func¬ 
tion that lets you capture and replay keystrokes. 
You can assign your own keystrokes to any 
Primalscript function using the Shortkey win¬ 
dow. The Info tab features a tree view full of 
scripting resources. Some nodes link to Help 
files on your local file system and others link to 
pages on the Internet. Web pages appear in 
Primal script’s built-in browser. 

A Good Buy 

In Primalscript 2 . 1 , Sapien has released a solid 
contender among script editors in the Windows 
environment. Apart from some annoyances 
with documentation, the product is easy to use 
and configure. There are lots of places for 
customization—so the tool fits your style 
rather than forcing you to adapt. Of course, the 
danger of too many features is always present 
in a product like this. Then again, if the tool 
gets bloated and clunky, developers can always 
go back to using a text editor like Notepad. 

-Ken Cox 

Ken is a technical writer, Web developer, and 
Microsoft MVP in Toronto. You can reach him at 
kjopc(a>hoimail.com. 


november 2001 www.webtpchniqfues.com 51 




























•I 

infrastructure 


ATYOUR 
SERVER 



By providing dedicated hosting in a shared server environment, you can 
offer each of your customers the personalized service he or she expects. 


Jim Jagielski 


Customer Number One 


whether you're administering a single, dedicated Web 

server, or one serving hundreds of hosts, each site’s client 
■ expects and deserves a certain level of support and service. 

Certainly, the normal requirements—for instance, that 
the server is robust and secure and that there are sufficient 
: hardware and network resources for the site—are ones I've 
discussed in previous articles. However, increasingly I hear 

! from clients who want the benefits of dedicated hosting, 

1 

! but in a shared server environment. The two main benefits 
i they want are: guaranteed quality of service (assurance that 
i other sites or virtual hosts won’t gobble up all of the ser- 
' ver’s resources), and secure, dedicated handling of local 
server-side applications—whether they’re CGI scripts or 
mod_perl/PHP/JSP—even if they only serve as front-ends to 
backend application servers. 

Fortunately, with a little know-how, these demands are 
relatively easy to address. A few simple techniques can have 
you on your way to treating every customer as if he or she 
is your only customer. 

Finding a Balance 

Ideally, no one site or client takes more than its fair share 
' of what it needs. With no overlap and no one hogging 
resources, no clients are jilted, and we can use the server 
to its full potential. Of course, this is seldom the case. 

As frequent readers know, I’m a hard and fast fan of 
Apache (and, 1 believe, with good reason). One incredibly 
‘ useful Apache feature is its support for virtual hosts; one 
instance of Apache can handle several separate and dis¬ 
tinct domains. Typically, all virtual hosts are considered 
equal, at least as far as Apache is concerned. There's no 
way to tell Apache, “don't let this virtual host use more 
than X gigabytes of bandwidth," for example. Because of 
this limitation, it's possible for one site to use so many 
server resources that, for all intents and purposes, all other 
virtual hosts are blocked out. In such cases, the shared 
server effectively becomes a dedicated server. 

For example, several years ago a user of my ISP posted 
pictures of his girlfriend in a bikini on his personal Web page. 
The increased traffic to his page basically took over the 
server, and everyone else's pages were adversely affected. 

The Apache module mod_throttle is ideally suited to this 
task. A few other modules perform similar functions, but 
I've found mod_throttle to be the most reliable and best 
suited to the differing setups I've encountered over the 
years. It has a long and comprehensive list of items and 
parameters that it can monitor and allocate for each server, 
virtual host, or user. This means that you can use one tool 
for everything from dedicated servers (where you want to 
provide finer control over how Apache uses resources), 


to traditional shared server virtual hosts, to multiuser 
setups (with URLs like www.foobar,com/~jim). 

Installing mod_throttle is relatively easy. But because it 
needs to keep track of various parameters, such as the num¬ 
ber of requests or the total bandwidth used across all Apache 
processes, mod_throttle must create its own personal and 
private shared memory allocation. Editing the mod_throttle.c 
file to specify which method to use for your particular plat¬ 
form is probably the least intuitive part of the build. 

For FreeBSD and Linux systems in particular, I’ve achieved 
the best results using the System V shared memory imple¬ 
mentation; with Solaris 7 and 8, Posix works best. 

Fundamentally, mod_throttle limits either the number of 
requests Apache will handle, or the total bandwidth used. As 
mentioned above, this can be on a per virtual host basis— 
so it's easy, for example, to set up one virtual host with an 
allocation of 5 CB per day, and another with 10 CB per day. 

Or, if you prefer, you can limit the throughput of the virtual 
hosts to something like 128Kb per second. The choice is 
yours, depending on whether you want to control the total 
usage, the peaks, or some combination of both. 

The module allows four areas of control, each repre¬ 
sented by a distinct directive: 

. Throttle Pol icy. Allows for throttling control in a tradi¬ 
tional Apache container, such as <VirtualHost>, 
<Directory> or <Location>, as well as server wide. 

2. ThrottleUser. Useful in ISP setups where you want to 
limit on a per-local-user basis. 

3. ThrottleRemoteUser. Used to control the way specific 
outside users load the site. For example, you can allow 
specific authenticated users faster throughput than non- 
authenticated ones. 

4. ThrottleClientlP. Lets you track the IP address of the 
requesting client and have separate control over a desig¬ 
nated period of time. This lets you do things like assign 
a different limit to recurring visitors than sporadic or 
unique ones. 

I've found that I use ThrottlePolicy almost exclusively. 
ThrottleUser is mainly useful if you run an ISP that supports 
user home pages. The directive below, for example, limits 
the throughput of each user's page to 560Kb every 10 
seconds (56Kb per second): 

ThrottleUser * Original 560k 10s 

“Original” is a mod_throttle policy that describes what 
mod_throttle should monitor and limit. In this case, we’re 
controlling the throughput (or volume) that’s allowed. 
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other policies specify the number of requests 
per second (Document, Concurrent, and 
Request), a percentage of requests to accept 
(Random), a minimum idle time between 
requests (Idle), as well as other ways of control¬ 
ling throughput (Speed and Volume). 

Normally, mod_throttle adds a small delay 
to incoming requests as it approaches the 
throughput limit. If it reaches the limit, then 
its default action is to refuse requests entirely, 
which isn’t what you want in a production 
environment. I usually set mod_throttle to let 
the delay keep on growing, so that requests 
aren’t refused. I do this by setting the 
ThrottleMaxDelay directive to zero. With this 
set, mod_throttle doesn’t deny requests, and 
as page demand decreases, mod_throttle also 
decreases the delays. 

With its rich feature set, mod.throttle proves 
to be a very robust way of implementing a Qual¬ 
ity of Service plan for your hosting environment. 

Giving CGI Scripts Unique IDs 

Now that we can monitor, control, and limit 
basic resource usage per site, next we must let 
each site operate under its own user ID. This is 
important in a shared environment, such as 
the traditional Apache virtual host setup. When 
Apache starts, it gives up its privileged (or root) 
user ID for a much safer one (traditionally, the 
Unix nobody account). It does this so that, 
should any security holes or exploits be discov¬ 
ered, a compromised unprivileged account is 
much safer than a compromised root account. 

The disadvantage is that internal scripts (such 
as PHP or mod_perl code) or external CGIs all 
operate under this same user ID. Even if each 
script is for a separate virtual host, the operating 
system has no clue that they’re intended for dif¬ 
ferent entities. Thus, if virtual host www.foo.com 
has a script that writes information to a specific 
file, it would be fairly easy for a virtual host on 
the same shared server to read or overwrite the 
data in that file as well, because all of the hosts 
run as the same user ID. 

For CGI scripts, this is easily fixed. Apache 
has a capability called suExec, which is a smart 
CGI wrapper implementation. When Apache 
needs to call an external CGI script, it uses the 
suExec program to execute it, instead of doing 
it directly. Because the suExec program is itself 
suid root (meaning that it runs under the 
permissions and privileges of the root user ID), 
it can run the script under any user or group ID 
that you'd like. 

Thus, each virtual host can be given a unique 
user and group ID, using the traditional User and 
Croup Apache directives. When a CGI script is 


called for that virtual host, suExec runs the 
script, but as the specific user and group, not as 
the generic IDs under which Apache runs. This 
prevents the security problem described above. 

Unfortunately, either solution works only 
with CGI scripts. Server-side scripting exten¬ 
sions, such asJSP, PHP, or mod_perl are unaf¬ 
fected, as these run in the Apache process 
rather than as external programs (which is why 
they’re so fast and efficient). PHP has a mode 
of operation called Safe Mode, which helps a 
bit, but it isn’t entirely safe (nor is it described 
as such). When I want, or need, better protec¬ 
tion, I have to use another solution. 

Running Multiple Instances 

Apache’s support for multiple virtual hosts on 
a single instance sometimes makes people for¬ 
get that they can also run several instances of 
Apache at once. Although it's true that this is a 
less efficient way to use Apache, it provides 
many worthwhile features that are directly 
applicable to our present topic. 

Of course, there are some caveats about 
running multiple instances. First, it isn’t feasi¬ 
ble if you’re running many virtual hosts at the 
same time, unless you have lots of memory to 
spare. You’ll have to bump up various kernel 
level limits (such as the number of available 
processes) to higher than normal values as 
well. Secondly, this technique doesn't work at 
all with name-based virtual hosts. Each virtual 
host requires its own IP address or port, which 
also gobbles up resources. 

If a given virtual host really requires its own, 
unique identity, however, I can create a separate 
Apache instance just for that host, with its own 
configuration file and layout This lets me set 
the server-wide User and Group settings to val¬ 
ues unique to just that host. Once you’ve done 
this, there’s no risk of compromise or overlap, 
even with server-side languages. I can also use 
mod_throttle to control and manage the resour¬ 
ces of each host from a server-wide aspect. 

To make it easy to administer this setup, I 
keep Apache in its traditional location: /usr/ 
local/apache. For each instance of Apache, I 
create a separate configuration directory, such 
as /usr/Iocal/apache/configs/www.foo.com and 
/usr/local/apache/configs/www.bar.com. Once 
the config files in those directories are in place, 

I can start up the Apache instance from the 
command line: 

% /usr/local/apache/b1n/ 
httpd -d \ 

/usr/local/apache/conf1gs/ 
www.fQo.com \ 


This makes it easy to determine each 
instance at a glance from a ps listing, because 
the configuration directory location provides 
that information. 

If I have only a handful of instances to worry 
about, then I can start, stop, or restart the server 
by hand. But when there are more than a few, I 
use scripts to make my life easier. I make a copy 
of the apachecti script and modify it to reflect 
the changes for each instance (where that 
instance’s PID file Is located, and the startup 
command line). I then place the modified copy 
in each instance's configuration directory. 

With that done, it's a simple matter to admin¬ 
ister each instance. If I see that www.foo.com 
needs to be restarted, I simply add: 

% cd /usr/lDcal/apachG/configs/ 
www.fcQ.com 

% ./apachecti restart \ 

I've also used this solution in client environ¬ 
ments that required very high levels of configu¬ 
ration and access control. When this is the case, 
you can actually let customers maintain their 
own configuration files. I certainly wouldn’t 
recommend this in many cases, but having a 
separate instance for each virtual host at least 
makes it possible. 

Sometimes you can better allocate resources 
using separate instances of Apache as well. 
Instead of having 500 Apache processes run¬ 
ning, each responsible for ten virtual hosts, you 
could have ten separate instances, each config¬ 
ured for a maximum of fifty processes. Being 
able to control the maximum number of 
Apache processes for each virtual host supple¬ 
ments the control that mod_throttle provides 
and lets you better use your server resources. 

Now That’s Satisfaction 

To give customers dedicated server class per¬ 
formance and quality guarantees, you don’t 
have to provide a dedicated server for each 
client. We've looked at two simple yet powerful 
methods that, when combined, provideyou 
with a high level of control and manageability, 
while customers receive the service they 
expect. Certainly there are other methods avail¬ 
able, but the ones I’ve presented are simple, 
easy to add, and even easier to use. There's 
nothing wrong with keeping your clients happy 
while keepingyourself sane. >< 

Jifn is best known os one of the core developers of 
Apache, and a member of the board of the ASF, 

He’s a senior consultant for Covalent 
Technologies. Contact him at jim(a)jaguNET.com 
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Supporting a mobile work force using dialup typically involves pricey 

toll-free numbers, substandard hotel telephone lines, and employees 
who are online only part of the day. If you’re fed up, and looking for 
an alternative to traditional modem connectivity for your organiza¬ 
tion’s road warriors, Cellular Digital Packet Data (CDPD) might be a 
welcome solution. 

CDPD is a wireless protocol that rides on top of existing cellular 
networks. It’s inexpensive, but very slow. Yet, if you learn how to work 
around its idiosyncrasies, you can save money and keep your employees 
online around the clock. 

Serial CDPD modems let any device or computer that supports PPP 
over a serial connection use the protocol. Modems are also available as 
PCMCIA cards for laptops, and some manufacturers are even producing 
models in the CompactFlash form factor, for use with handheld devices. 
The value of CDPD for handhelds is limited, however, as their underpow¬ 
ered processors aren’t well equipped for compression software like 
Venturi (more on this later). 


online 

resources 


a movable feast 


Take advantage of 
cellular networks for 
your business data 
needs. 


Verizon’s CDPD Networking Home Page 

www.app.airtouch.com/mobile_ip/index.html 

Business Solutions from AT&T Wireless 
www.attws.com/business 

Fourelle 

www.foureiie.com/venturi.html 

OpenSSH 

www.openssh.org 

Microsoft Virtual Private Networking 
www.microsoft.com/vpn 

ssh Communications Security 
www.ssh.com 


L_ A 


Roaming the Country 

One drawback of CDPD is that data users can only access idle portions 
of the cellular network-those channels of bandwidth that aren’t being 
used for voice calls. Each modem includes a built-in PPP server, however, 
so the user appears to experience uninterrupted (albeit slow) service, 
even when the modem is waiting for a free channel. 

In my own experience, I’ve seldom lost out to roving bands of cell 
phone users; somehow my CDPD modem always finds a channel to use. 
I’ve used it without a hitch in Boston, New York City, and the D.C. metro 
area (some of the most crowded places in the United States). In general, 
my connections have been stable, even in a moving vehicle. Once in a 
while, the signal drops and the modem software needs to re-establish 
the connection. Even so, in practice I’ve found the CDPD modem to be 
at least as reliable as dialup. 

As with mobile phones, roaming fees for CDPD can be quite expen¬ 
sive. with rates as high as 8 cents per kilobyte transferred (about $8o per 
megabyte). Fortunately, most CDPD providers-such as Verizon, 
GoAmerica, and AT&T—offer generous local coverage areas under their 
flat-rate pricing structures. I live in Rhode Island, and I’ve used my CDPD 
modem from the Washington D.C. metro area on up to Boston without 
paying any roaming fees. (I’ve even used it on a train and in a car 
hurtling down Route 95.) 

It’s important, therefore, to make sure that your mobile employees 
know how far the local coverage extends. If far-ranging travelers send 
usage costs escalating out of control, you still have the option of 
configuring the CDPD software to disallow roaming entirely. 

Slow Performance 

A CDPD modem can offer up to 19.2Kbps throughput, even though real- 
world bandwidth is usually lower. The actual amount of data a modem 
can push depends on the signal strength in a given area (a value 
expressed in terms of the ratio of decibels to milliwatts, or dBm). 

I’ve experienced great performance in Boston, New York, and some 
random spots in Rhode Island (in particular, the Coffee Bean cafe in 
Narragansett). I don’t get a strong signal in my home office, however, 
owing to my location on the fringes of a CDPD network. Signal strength 
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at my home is right on the borderline; anything lower than -lOO dBm is 
bad, and I generally hover between -93 and -112 dBm. In other words, 
my CDPD modem is slow. 

CDPD supports the full range of TCP/IP applications, including telnet, 
ssh, HTTP, FTP, and more; but because of its low bandwidth and high 
latency, it’s better at some of these than others. I’ve tried using telnet 
with CDPD, and I don’t recommend it. CDPD is best at protocols that 
can be handled in bursts, such as HTTP requests and responses. If your 
employees spend most of their time using Web pages or the company 
intranet, this should work out just fine. 

One way to speed up Web surfing even further is to use link- 
compression software to reduce the size of downloads, Venturi is one 
such product, and is being supported by several wireless ISPs. Verizon, 
for one, sends a preconfigured copy of the Venturi client to all of its 
CDPD customers. 

The Venturi client is a small program that runs on your laptop. It 
acts as a local proxy server; every time you visit a Web page, your 
browser first contacts the Venturi client. The client in turn contacts a 
Venturi server, which then downloads the page in question and com¬ 
presses its text, HTML, and graphics before sending them over the 
slow CDPD link. Finally, the Venturi client decompresses the data and 
redirects it to your browser. 

This scheme offers its greatest benefit when accessing particularly 
graphics-heavy sites. Venturi employs a highly lossy image compression 
algorithm to reduce images to a fraction of their size before transferring 
them to the remote device (for example, it reduced a 76.8KB JPEG image 
to 41.2KB). Some Web images may not look as attractive as they would 
on an uncompressed connection, but that’s a small price to pay for 
improved performance. Venturi’s text compression can also reduce the 
size of email and USENET news traffic. 

The Venturi client takes up about SMB of memory when idle on my 
system. I’ve used Venturi on both a low-end laptop (166 MHz Pentium, 
80MB of memory) and a higher-end laptop (6ooMHz Pentium III, 
256MB of memory). Even on the humbler machine, Venturi’s presence 
doesn’t seem to impact my overall system performance. Plus, it’s 
Java-based, so it should run on any OS that supports a Java Virtual 
Machine (JVM). 


Keeping Your Data Secure 

CDPD uses strong encryption between the modem and its service pro¬ 
vider, so you can feel reasonably confident that no one will be able to 
intercept your employees’ signals and read confidential data. But once 
the traffic leaves your wireless ISP, it’s on the public Internet, so it’s just 
as insecure as dialup access—or a dedicated connection, for that matter. 

This is where Secure Shell (ssh) or a Virtual Private Network (VPN) can 
be helpful. Either system encrypts every packet that passes between a 
remote machine and your organization’s internal servers. No data is 
decrypted until it’s securely inside your intranet. And, as you’ll see in 
the next section, ssh also offers some performance benefits comparable 
to those of Venturi. 

VPN software, such as that included with Windows 2000, transparently 
redirects all traffic through a virtual network device. For ssh tunneling, 
however, you must set up local ports on your laptop to act as a proxy for a 
remote service. For example, the argument — L81: CDrp_1 ntranet: 80, 
when passed co ssh.exe, forwards all traffic for local port 81 to a hypo¬ 
thetical server called corp_intranet, which we’ll assume is on your orga¬ 
nization's local network. You could then request pages from corp_intranet 
using the URL http://Iocalhost:8i/. This method works for other types of 
traffic as well, including POP and SMTP. 

The topic of security leads to another point about the Venturi 
compression system mentioned earlier. The standard Venturi client 
won’t be much use when accessing intranet pages through encrypted 
tunnels, as the Venturi compression servers are located on the public 
Internet, and won’t have access to your VPN. However Fourelle, the 
maker of Venturi, also offers VPN solutions. If your mobile work force is 
large enough, it may be worth exploring a solution with Fourelle, 
because the performance gain with Venturi is considerable. 

Performance Shootout 

just how considerable is this performance gain? I ran some tests using 
Perl’s Iwp-download utility. I wouldn’t call these numbers benchmarks, 
because as I’ve mentioned before, coverage at my home is poor. So, 
while these numbers are good for gauging the relative differences 
between configurations, your mileage will vary depending on local 
signal strength. 


table 1 


Relative performance of CDPD Web requests lKB=kilobytes). 


Configuration 

Document 1 (7kb htmu 

Document 

2 (SOKB HTML! Document 3 cisskb htmu 

No proxy, no VPN 

Timed out 

971 bytes/sec 

Tirheaout 


Timed out ^ „ 

690 bytes/sec 

Timed out 


Timed out 

1.14 KB/sec 

Timed out 

Venturi compression (No VPN) 

KB/sec 

1.69 KB/sec 

1.33 KB/sec 


2.76 KB/sec 

2.41 KB/sec 

1.2 KB/sec 


2.41 KB/sec 

3.07 KB/iec 

" i.2i KB/sec 

Windows 2000 VPN 

1.44 KB/sff 

661 bytes/sec 

816 bytes/sec 


461 bytes/sec 

1.32 KB/sec 

933 bytes/sec 


1.44 KB/sec 

l.8l KB/sec 

1.2 KB/sec 

Tunneling to VPN via ssh 

461 bytes/sec 

797 bytes/sec 

831 bytes/sec 

(no compression) 

671 bytes/sec 

706 bytes/sec 

9B6 bytes/sec 


1.2 KB/sec ’’ 

898 bytes/sec 

1.08 KB/sec 

Tunneling to VPN via ssh 

1.2 KB/sec 

1.52 KB/sec 

5.1 KB/sec 

(compression enabled) 

1.8 KB/sec 

1.12 KB/sec 

2.77 KB/sec , c 


1.8 KB/sec , 

3.41 KB/sec 

■■:"i,7'KB/SeC: 
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Table i shows the performance of my CDPD modem with some 
different configurations and documents from three different Web 
servers. Each box shows three sampies taken at different times. 

Note that in addition to measuring Venturi compression, I’ve aiso 
measured ssh tunneling with the compression option enabied. This 
setting is worth investigating, for it gives performance gains compara- 
bie to Venturi over an encrypted connection. If you wanted to develop a 
quick and dirty aiternative to Venturi, you could set up a proxy server on 
your intranet, and your users could tunnel into that proxy server using 
ssh with compression enabled. 

Clearly, Venturi and compression enabled ssh are the winners here, so 
you should seriously consider deploying one or the other—perhaps both. 
Even if you’re using Venturi for HTTP traffic, ssh can be helpful in other 
cases. For example, I use ssh to tunnel into an SMTP and POP server for 
sending and receiving email. This lets me set up a secure connection so 
I don’t have to send my POP password in plaintext across the Internet, It 
also improves performance considerably once the link is established. I 
use Venturi for Web traffic, and ssh for just about everything else. 

Hints For Content Creators 

what can you do if you’re developing Web pages, perhaps for an intranet 
site, that will be used by a large group of CDPD users? I suggest that you 
turn the clock back to the early days of the Web, when we all had 9600 bps 
or 14.4K modems. The rules mostly amount to common sense: Don’t use a 
lot of images on your pages, and keep the images you use small. Also keep 
in mind that some CDPD users may opt to turn off images entirely. 

Beware of fancy HTML generators. These can add a lot of markup that 
isn’t all that useful, yet takes up a lot of bandwidth. I created an HTML 
document in Microsoft Word 2000 that simply contained the words 
“Hello, World,” and was titled the same. When saved, this document 
ended up being 1608 bytes in size. I wrote a similar document using 
hand-coded HTML, and it came out to a mere 90 bytes! 

Wireless Alternatives 

while CDPD has its problems, at present it’s difficult to find solid competi¬ 
tors in the wireless data market. One offering that for a time seemed 
promising was the Ricochet service, developed by Metricom. Ricochet was 
launched in the 1990s, and offered faster throughput than CDPD, with 
bandwidth as high as 128 Kbps. Unfortunately, at the time of this writing, 
Metricom, the creator of the Ricochet network, has filed for Chapter n 
bankruptcy protection, and it isn’t clear whether the service will continue. 

The 802.nb wireless networking protocol is another way your mobile 
work force can get online, albeit in an ad hoc fashion. Wireless 802.nb 
networks are popular at technical conferences, and are being used to 
form community networks (for one example, see nocat.net). You might 
also run across 802.11b being used in coffee shops, airports, and hotels— 
though it’s certainly not as pervasive as cellular networks. 

But don’t forget the well-publicized problems with Soz.iib’s Wired 
Equivalent Privacy (WEP) security system. With the release of a toolkit 
called AirSnort, which can “sniff” WEP encryption keys, using 802.11b is 
like building your wiring closet out on the street: anyone can tap into 
the network and listen. 

If your employees are going to access confidential resources using 
8o2.nb, or transmit privileged passwords, they should always connect to 
your network using a VPN or an ssh tunneling connection. Even so, if an 
attacker were to compromise a user’s laptop, he or she could gain 
access to VPN resources or an ssh tunnel. Because of this threat, your 
users should run strong firewalls on their laptops, and always keep the 


operating system current with the most recent security patches. (This is 
a good idea even on traditional networks.) 

The Road Ahead 

where will cellular data networking go from here? In a world where even 
home users have grown accustomed to high speed broadband connectiv¬ 
ity, it seems unlikely that CDPD has much of a future unless its through¬ 
put can be improved. So-called Third Generation (3G) cellular networks 
promise higher bandwidth, but deployment in the United States has 
been slow, in part due to the varying infrastructures used by our numer¬ 
ous wireless carriers. It remains to be seen whether we can realistically 
expect transfer speeds from cellular networks in this country to compare 
to what we’re used to from traditional wired connections. 

Still, though, I’m spoiled by multimegabit connectivity. I find even the 
current performance of CDPD acceptable. I don’t mind its sluggishness 
when I’m surfing the Web. When I use the Venturi compression software, 
the 19.2Kbps CDPD link doesn’t seem too much slower than 56 Kbps dialup. 

And even if I have to wait awhile for pages to load, the payoff, of 
course, is the convenience. I’m still astounded that I can take my 
computer to the location of my choice (be it a coffee shop, a train, or 
the shoreline) and access the Internet. I’m sure that your organization’s 
mobile workers will appreciate the convenience of this nearly 
omnipresent form of wireless networking-once they learn to cope with 
its limitations. >< 

Sn'on is a writer for O'Reilly and Associates. You can follow his activities at 
www.jepstone.net or email him at bjepson(a)}epstone.net. 
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Unix on Apple 

Until recently, anyone in the computer industry 

would be entirely within their rights to assume 
you were crazy if you asked about server oper¬ 
ating systems from Apple computer. Previously, 
Apple’s only such product was the nearly 
unheard-of A/UX, But in 1996, Apple bought 
NeXT, and with it acquired OpenStep, a Mac- 
based workstation operating system. Apple has 
spent the intervening years redesigning Open- 
Step and integrating it with Apple’s existing 
operating system, resulting in the release of 
Mac OS X last September. Mac OS X Server is 
the server counterpart to the new Mac 05 . The 
result is a combination of Unix stability and 
mainstream application support. 

Not Your Father's Mac OS 

Mac OS X’s Unix foundation, code-named 
Darwin, is a slight variant of the FreeBSD tree, 
using a Mach 3.0-based kernel that guarantees 
I full buzzword compliance—including protected 
memory, symmetric multiprocessing, and 
preemptive multitasking. Open-source pundits 
will be pleased to learn that Apple has open- 
sourced the entire Darwin layer. It has even 
gone as far as hiring Jordan Hubbard, co¬ 
founder of the FreeBSD project and member of 
the FreeBSD core team, to manage Darwin. 

The server has two application layers, called 
Carbon and Cocoa, on top of Darwin. The Carbon 
layer lets you use classic Mac OS applications. 
Developers can choose to either leave their appli¬ 
cations as they are, requiring them to run in an 
emulated version of Mac OS 9, or Carbonize and 
recompile them, giving them all of the buzzword 
benefits of a full Mac OS X application. Cocoa, on 
the other hand, is Apple’s API set for the future. 
New applications written in Cocoa also receive all 
of the benefits of the Unix foundation. 

This gives current users of Mac OS X access 
to a tremendous variety of applications. 

System administrators will feel relatively at 
home; most any Unix library or utility compiles 
easily, and several well-known Unix applica¬ 
tions, like InterMapper, already have GUI front 
ends. The X on X project (www.sourceforge.net/ 
* projects/xonx) even has an X Windows server 


available. Recent builds of Apache, WebDAV, 

PHP, SSL, and the like are all included in the 
default installation. 

You can also run all of the productivity appli¬ 
cations you're used to, thanks to the compati¬ 
bility layer. This lets you run all currently 
shipping Mac OS applications, such as Adobe 
Photoshop and Illustrator, and Microsoft 
Office. The first program you install that 
requires the compatibility libraries loads them. 
After that, they’re shared by any applications 
that need them. Thankfully, RAM is cheap- 
figure on the compatibility libraries consuming 
an extra 50MB. But that’s a small price to pay 
for the ability to run all of your multimedia 
applications on the same box. Performance in 
the OS-in-an-OS is surprisingly good; many 
applications even show a speed increase. 

As if being able to run Photoshop and Apache 
side-by-side wasn’t an impressive enough feat, 
Mac OS X Server introduces another amazing 
trick, Apple has actually managed to provide a 
unified GUI for Unix administration tasks. This 
isn’t the “any color so long as it’s black” front 
end, a la linuxconf, that only serves for the 
most simplistic configuration needs. Apple’s 
Server Admin application can set up SSL, virtual 
hosts, NFS, and FTP-even Sendmail!—and the 
tool’s understanding of the configuration files 
is fairly robust, in the unlikely event that you 
need to make custom changes to a particular 
file, editing other settings with the GUI tool 
won’t clobber them later. 

A Test Installation 

I installed Mac OS X Server on a stock Power- 
Book G4 to test it. The default installation is 
suitable for almost any use, as it includes many 
major server applications as well as the entire 
BSD source code tree. I performed a fresh 
install, erasing the entire hard drive (always a 
good idea), and everything worked perfectly. 
Then the GUI installation tool asked ne the 
usual questions about my network setup, 
users, and localization settings. 

I then rebooted, intending to set up an MP3 
archive that would be available via AppleShare, 
FTP, NFS, and Windows File Sharing as a test of 
the GUI tools. (I figured that this would be an 
accurate example of a sysadmin or designer's 
day-to-day behavior.) I let the installer continue 
its work in the background while I lai nched 







Cons 


GUI a bit sluggish i 
at times; some - ”3 
applications must^ 
, run in an emuJated 
a environment. % 




Activating this share point for FTP, Windows, 
and NFS took an additional click each, though 
of course, additional options are available if 
you want to fine tune a given service. 

After connecting as the owner-user via FTP, 1 
turned to my Linux server and started copying 
a few gigabytes of MP3S to the server. I then 
walked down the hall and opened up a Network 
Neighborhood window, double-clicked a music 
file at random and listened to an album while 
the FTP transfer completed. The total time 
since removing the installation CD couldn’t 
have been more than fifteen minutes. 

I moved on, sharing printers with LPR and 
Windows services, configuring an IMAP server, 
and Sendmail, I’ve done all of this by hand, and 
I kept expecting something to break. Nothing 
did. I felt like I was living in a scripted demo, 
but I was in my office and didn’t see any 
cameras. I was genuinely impressed. 

This isn’t to say that everything is roses. 
Apple’s GUI, Aqua, is very pretty but sluggish, 

A decent LDAP server, such as OpenLDAP, is 
conspicuously missing (though easy enough 
to install). 

Overall, this is a great OS if you want an 
easily configured mail, Web. and file server, or 
if you want a dedicated server for the Web or 
media (using the included Apple QuickTime 
Streaming Server). Apple’s hardware is more 
expensive than a cheap Pentium, but the 
convenience of this elegant GUI makes up for 
; the cost in time. And as an added bonus, the 
Server Admin tool can configure remote 
computers. Alternatively, a designer may find it 
a boon to have SSL and Apache on his or her 
local computer for testing, particularly once 
the GUI is faster. 

I —yoshua Marker 

Joshua is a San Francisco-based developer. He has 
j worked with Linux, Solaris, and BSD, and now he 


Server Admin. I clicked the Sharing button and 
used the familiar navigation dialog to create a doesn't run anything hut Mac OS X Server. You 
new folder, selecting appropriate permissions. : can reach him ot yoshuaf 5 )med/ca/host,com. 
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I VMware CSX Server l.o for ImBHI 
Windows NT/2000 

VMware 

www.vmware.com 

$2499 online, $2550 boxed. 

VMs For the Masses 

with the release of its Workstation product 

line, VMware freed up a whole class of users 
who, because of their professions or computing 
requirements, were stuck in a dual boot night¬ 
mare. VMware was amazing technology: Unix 
administrators like me could run Windows in 
windows on their boxes; software developers 


could test their software on multiple platforms 
simultaneously on the same machine; and no- 
one compromised stability. CSX Server logically 
extends these concepts, but is focused on 
running multiple virtual machines on small- 
and mid-range servers. 

Virtual machines have been around for a 
longtime on mainframes and larger 
enterprise/Midframe architectures, and they’re 
slowly coming to the smaller machines. The 
User-mode Linux Kernel project (user-mode- 
linux.sourceforge.net) leads the way in the 
open-source arena, but CSX Server is the first 
commercial product to let you employ multi¬ 
platform VMs on Windows NT/2000. 

Much like the Workstation product line, CSX 
Server uses this virtual machine technology to 
mediate between the host and guest operating 
systems, controlling the resources that the 
guests see. This means that to the host, each 
virtual machine is merely a process. So for 
example, a guest can’t crash the host even if it 
dies in the most hideous of fashions. CSX 
Server is split in the middle: the application’s 
back end (the virtual server) and the portion 
that emulates the virtual machine’s user inter¬ 
face (the console) are separated, both concep¬ 
tually and as code. Throw in a networking layer 
and you now have the guest systems running 
in their virtual servers on the host and the 
remote consoles running, well, wherever you 
are and on whateveryou're running (the Remote 
Console comes in both Linux and Windows 
flavors). As with Workstation, VMs can be 
created, deleted, and managed from the screen 


and keyboard of the host itself or, new to CSX 
Server, from the fully functional Web interface. 

Installation is straightforward. Install the 
server software itself, and then the Web 
management interface (this requires you to 
install a Web server beforehand, lest it moan). 
Now you create VMs, a process more or less 
identical to that used in Workstation. A wizard 
talks you through the setup. Then, simply 
power up the VM and install the guest operating 
system. CSX Server can run in one of two 
modes for each VM, either standalone mode 
(used to set up/maintain the VM as described 
above—people can’t connect remotely when 
running like this) or server mode, which is more 


or less analogous to running as a daemon. The 
only way to connect to VMs in this state is with 
the Remote Console application. 

With the Web-based management interface, 
you can do almost everything that can be done 
by sitting at the screen of the actual host box, 
and some things that can’t. You can create, 
start, stop, and delete the virtual machines, as 
well as view statistics for VM loads, uptimes, 
and logs. What’s extremely tasty is that the 
management interface is built around Perl, and 
includes all modules pertaining to the Server. 
By using Perl and documenting the interface, 
you can write scripts for automation, notifica¬ 
tion, fail over, and a wealth of other occur¬ 
rences. It also allows easy integration with 
monitoring tools, like 5 P 0 NG or Big Brother. 

Security 

As the Remote Console and Web interface let 
users reset, restart, or shutdown a VM, access 
must be concisely controlled. Users authenti¬ 
cate against a host OS, and then available 
functionality is based on file permissions for 
each VM’s configuration file. For example, a 
user with full access to a VM file can reset or 
power it off, where as a read-only access user 
could only connect to the console and work 
with the 05 inside. Remote Console authenti¬ 
cation is curious; usernames are sent in plain¬ 
text, but the passwords are hashed. The 
internal communications between the server 
and console are sent in plaintext as well. 
Interestingly, one can use telnet to connect to 
the server on the appropriate port and send the 


Pms Cons 

^ Minor security 
Ifeefui flaws with the Web- 
based management 
^ interface. 


password over in plaintext too. As I said, the 
Remote Console doesn’t do this, but it makes 
you wonder why this option remains. It would 
be far more preferable if all communication 
were obfuscated or encrypted. However, the 
Web interface is worse; all user logins are sent 
to the site as plaintext. Although users’ pass¬ 
words are encrypted before they’re sent to the 
server, and this can be changed with a little 
work in the IIS config, it would have been nicer 
to see SSL applied by default. Without It, you can 
sniff for passwords, not only those that pertain 
to each VM, but ultimately to host as well. 

Performance 

As you might expect, CSX Server eats RAM 
and CPU like nothing else, with the emphasis 
on CPU. VMware recommends running no more 
than four VMs per processor, and architectur¬ 
ally you’re limited to a total of four processors 
in the host. However, my testing indicated that 
two is a more reasonable figure unless you 
have a very fast 2 or 4-way system with bags 
of cache. The host OS manages priority for the 
VMs, but it’s tuneable on a per VM basis. A 
headless Linux 2.4.4 VM running Apache 
compared favorably to a similarly spec’d real 
machine when only the one VM was on. Adding 
an idling Windows 2000 Server impacted 
performance severely. This was to be expected 
as the test machine, with a gigabyte of RAM 
and an SCSI RAID 5 array, only had one processor. 
CPU is definitely the bottleneck. 

CSX Server is a fantastic product and will 
find a welcome place in the ISP/ASP environ¬ 
ment where physical space is at a premium, or 
indeed anywhere where server consolidation is 
required. I’m disappointed with some of the 
security aspects. However, problems that arise 
from this can be contained with Web server 
modification and adequate planning. I recom¬ 
mend CSX Server i.o. 

—Stephanos Gosling 

Stephanos is the head of Unix and network 
administration at the London office of/-D Media 
AG, one of Europe's largest new media agencies. 
Reach him at stephanos.gosiing 0 i-dmedia.com. 


GSX Server is the first commercial 

product to let you employ multiplatform 
VMs on Windows NT/2000. 
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^ * Web Protocols and practice^^^- *“ 

i By Balachander Krishnamurthy and 
Jennifer Rexford 

j Addison-Wesley, 200i, 642pp. 

$49.99 

An Essential Technical 
Reference for Web Developers 

Those of you who follow this column regularly 

may have picked up on some patterns. For 

instance, I praise 
concise books and 
criticize bloated 
ones. Occasionally, a 
book that's especially 
well written, inform¬ 
ative, unique, and 
timeless earns my 
designation as a 
Bookshelf Book—a 
\ book that belongs on your closest shelf. 

I Balachander Krishnamurthy and Jennifer 
i Rexford’s Web Protocols and Practice is, without 

I 

I a doubt, a Bookshelf Book. At first, it may not 
’ be clear how this book qualifies. Its topics 
I seem somewhat scholarly, and it has been set 
I in the TeX typefaces that usually indicate an 
I academic publication. Of course, “academic 
i publication” often translates to “boring." 

I In this case, such a knee-jerk assessment 
’ would be foolhardy. Web Protocols and Practice 
I is a well-written account of the Web’s technical 
i history that’s the most comprehensive and 
i authoritative reference I’ve seen for Web devel- 
i opers at all levels. 

i HTTP and Rrtated Protocols 

Developers need a fundamental understanding 

j of how the Web works. CGI and servlet pro- 

[ 

I grammers must know what the various HTTP 
f headers are and how to interpret them. Web 
\ administrators, and even site designers, should 
understand the various Web caching and deliv- 
1 ery mechanisms, so they can optimize server 
i and site performance. 

Previously, the only way to obtain thorough 
information on these fundamentals was to 
; search through RFCs, W3C mailing list archives, 

: and other obscure sources, then reconstruct 
i the information. Krishnamurthy and Rexford’s 
\ book obviates this need. 

The authors write that the Web consists of 
three semantic components: HTML, URIs, and 


HTTP. Although they briefly discuss URIs, they 
focus almost entirely on HTTP and related 
protocols. 

First and foremost, the book serves as a 
reference on HTTP. However, it’s not simply an 
encyclopedic description of HTTP’s various 
commands and headers, which in Itself would 
be somewhat useful. The book also includes a 
broad analysis and discussion of the proto¬ 
col’s dependencies and dependents. 
Mechanisms for caching, for example, depend 
on the capabilities of the transfer protocol. 
Similarly, HTTP performance is closely tied to 
the capabilities of TCP, the underlying trans¬ 
port protocol. 

I was particularly surprised by how TCP’s 
design significantly influences Web network 
performance. The authors go into considerable 
detail describing how TCP works, and more 
importantly, how TCP interacts with HTTP. 

Performance 

Not surprisingly, the authors are particularly 
concerned with issues related to Web perform¬ 
ance, In addition to sections on caching and 
network performance, they also devote a chap¬ 
ter to distributing computing load. 

This chapter is the most mathematical in 
the book. A primary difficulty with under¬ 
standing performance is figuring out how to 
measure it. This is no simple matter, because 
of the wide variety of dependencies that 
affect performance. 

One of these dependencies is the workload 
of the machines on which server software 
resides. The authors present several different 
quantitative models for measuring Web 
workload. 

The last section of the book explores 
research Issues, many of them related to 
caching and performance. The authors admit 
that their own biases as researchers are 
reflected throughout this section. I had no 
problems with author bias here. However, while 
I found it interesting to read about the current 
directions of Web research, and useful to 
understand different approaches for solving 
existing challenges, the target audience for this 
particular section is somewhat narrow. 

On the other hand, readers won’t find the 
other sections on performance too obscure, 
even some of the more mathematical ones. 
Most descriptions of Web performance that I’ve 
read in books tend to be too high level. It’s 
likely this is because the people who best 


understand Web performance—people involved 
with dot-coms that have very high amounts of : 
traffic-have a proprietary interest in keeping 
their knowledge to themselves. Krishnamurthy i 
and Rexford fill an important niche by provid¬ 
ing greater technical detail about the Web 
performance problem. 

A Technical Account of the 
Web's Evolution I 

j 

While the book’s coverage of related Web 1 

protocols is exceptional, its strength is in its | 
coverage of HTTP, especially version 1.1. The 
authors’ account of HTTP’s technical evolution 
is a compelling story that belies the book’s dry, | 
i technical veneer. ? 

( if 

s After all, human beings create protocols, | 
and most things that humans do are bound I 
to produce interesting stories. The problems 1 
f with HTTP version i.o were abundantly clear. ; 
However, coming up with a standard solution ■ 
that addressed these technical issues pres- : 

ented challenges of a human nature. Sped- ? 
fically, the W3C had to balance technical and 
standardization interests with backward- 
compatibility issues that resulted from 
proprietary and de facto implementations of 
HTTP extensions. 

These are important lessons to learn, and i 

while the authors discuss these struggles with¬ 
out going into a lot of detail, they give human 
elements their due. This explanation, in turn, 
makes the motivation behind the design of 
HTTP 1,1 that much clearer. : 

The book makes an ideal reference book, but ‘ 
you can also read it cover-to-cover. When I first , 
began reading it, I thought I’d skim through \ 
the more basic descriptions of the Web, and ’ 
focus on some of the weightier chapters. That i 
never happened, as I found the authors’ more , 
! fundamental chapters very concise, good 
refreshers, and surprisingly enjoyable to read, j 
; That said, you won’t find me curling up with 
’ this book on a cold, winter evening rereading 
^ the sections on the social dangers of cookies. 
Web Protocols and Practice has, however, won a 
spot on my bookshelf as the authoritative s 
technical reference on the Web. >< 


I Eugene writes, programs, and consults on a free' 
lance basis. He is currently writing a book on the 
history of free software, entitied Software, 
f Money, and Liberty: How Source Code Became 
Free. You can reach him at eekim(a)eekim.com. 
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to power your digital video projects. 
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Online customer service doesn’t have to involve expensive CRM software and 
call centers. PlanetFeedback.com says sometimes all you have to do is listen. 


ACCESS 



A Discussion with 
PlanetFeed back's 
Aaron Roth 







“The Internet creates smarter, stronger consumers,” 

declares the preamble to PlanetFeedback,corn's Consumer 
Manifesto. The site itself is a kind of customer feedback 
aggregator, designed to help consumers send both compli¬ 
ments and complaints to all types of businesses. On the 
B2B side, PlanetFeedback helps businesses analyze and 
react to feedback they receive. Web Techniques asked Aaron 
Roth, PlanetFeedback’s director of product development, 
how the Web fits into the future of customer service, both 
online and off. 

WT: How has the Internet changed the way businesses 
interact with their customers? 

AR: The Internet lets companies capture information— 
easily, quickly, flexibly, and in detail—very inexpensively. 
They can learn more from consumers, test more concepts 
in a shorter amount of time, interact with more depth 
and frequency, and provide 24-7-365 customer service- 
all within the same budget. If you compare this with 
traditional off-line focus groups, polling, and sampling, 
the Internet has a clear advantage. An added benefit is 
that Internet users who interact with a brand online are 
often the consumers who exert a disproportionate word- 
of-mouth influence on the rest of the market. 

WT: So PlanetFeedback’s role is to help existing 
1 businesses—whether online or brick-and-mortar—take 
advantage of the Web to enhance their customer service. 

AR: Exactly. We believe the Internet is an important channel 
that enables brick-and-mortar businesses to learn from and 
interact with consumers. PlanetFeedback uses technology 
i to automate information gathering, collect feedback, 
j segment consumers, analyze root causes, and route or 
: suggest actions. 

f 

\ WT: But might not some consumers view automation and 
\ good customer service as opposites? 

I AR: We’re in the business of automating and structuring 
’ good customer service, which aren’t opposites when 
applied correctly. Some functions can be automated well, 
others cannot—yet. We don’t think technology is ready to 
replace the customer service representative, but it 
certainty adds speed, ease-of-use, flexibility, and intelli¬ 
gence to the process. 

: WT: Why should site operators focus on customer feed¬ 
back? What about using other technologies, like personal- 
, ization, to enhance user experience? 

■ AR: Customer service, in any form, can be a highly emo- 
I tional process, and companies that rush to cut costs 


through mass personalization can make the online | 

experience even less personalized and less friendly than ' 
before. Adding Web-enabled feedback is most Important 
for premium, high-end service brands. Feedback from the 
Web is tike a continuous, real-time focus group, with reac¬ 
tions that are both negative and positive. PlanetFeedback 
specializes in handling positive and negative emotions 
appropriately during the feedback process. When con¬ 
sumers express themselves more clearly, companies ! 

respond more intelligently. | 

I 

WT: What does the infrastructure look like for all of this? I 

AR: We’re 90 percent Sun Solaris-based, with the remaining i 
10 percent Windows NT on Compaq hardware. Our core 
ExpressFeedback utility is a custom-built )2EE application. 

We chose WebLogic as the application server due to its J2EE ^ 
feature set and market-leading stature. Much of the func¬ 
tionality on the consumer site is home-built with Vignette— 
we consciously built components on top of solid platforms, 
to allow completely customized behavior. Everything sits on 
top of an Oracle database. 

We’ve built a fairly flexible (and more importantly, exten¬ 
sible) delivery mechanism for the data in our system. Most 
CRM platforms can already handle simple integrations, and ; 
we can easily hook into those. For more advanced CRM inte- : 
gration, some custom development is necessary; but, the 
technical hurdles aren’t significant. One of the worst ^ 

mistakes you can make is to assume, when designing and 
developing a system, that you will always be the end user 
of your code. Write using open standards, such as J2EE and 
XML/X 5 LT; you’ll find that it’s much easier to integrate with 
anyone, including closed systems. 


WT: So as an online business itself, what measures 
has PlanetFeedback.com taken to give better customer 
service? 

AR: We use our own tools. We use ExpressFeedback to ^ 
handle our own consumer feedback. Our consumer expe- S 
rience director meticulously reviews monthly feedback 
analysis and consumer satisfaction surveys to spot trends 
and opportunities. We use ExpressFeedback internally to 
route consumer insights intelligently. Particularly angry 
consumers are routed automatically to a retention 
process, and consumers who provide compliments are 
routed into an ambassador program. Every complaint 
and compliment through ExpressFeedback teaches us 
something, helps us understand our own customers, and 
helps us build better relationships with them. We 
routinely upgrade our site based on our users’ sugges¬ 
tions and ideas, >< 
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But we're not just another hosting company 

DataPipe has a 98% Client Retention Rate. Because we are a profitable, privately held, 
employee owned company, we have a vested interest in your success that others simply do 
not. In a challenging market we have achieved stability and consistent growth by staying 

focused on client satisfaction. 


At DataPipe, there are no automated attendants. You’re 

connected with real people ready to provide support 24 Featured Dedicated Server Solutions 

hours a day, seven days a week, 365 days a year, with your choice of Windows 2000, FreeBSD or RedHat 

an average hold time of less than a minute. Linux. Servers can be configured to your 


We offer a state of the art data center powered by a rock 
solid, lightning fast and fully redundant network. Our 
network is built on a Dual OC192 Backbone and a Gigabit 
Fiber Optic Infrastructure featuring Juniper Routers as 
well as Cisco and Extreme Switches. Utilizing direct 
access to each of the major backbone providers, we 
deliver mission-critical speed and reliability. And by 
providing generous bandwidth allowances as well as the 
latest technology at lower prices than our competitors, 
our services come at an unbeatable value. 


specifications. Call for a quick quote! 1-877-773-3306 


Fast Start 


30GB Hard Drive, 256 MB RAM, Intel P3 1 GHz 
Processor, 50 GB Data Transfer, 10 IPS 

UNIX $295 per month, WIN2K $345 per month 


Business 


From our secure location, DataPipe delivers dependable 


Dual 9 GB SCSI Hard Drives, 512 MB RAM, Intel P3 
1 GHz Processor, 75 GB Data Transfer, 20 IPS 

UNIX $395 per month, WIN2K $495 per month 


performance through a number of redundant subsystems: 
multiple fiber trunks from multiple sources, fully redundant 


Corporate 


power on the premises and multiple backup generators. 
This allows us to provide you with our 99.99% network 
uptime guarantee. 


Dual 18 GB SCSI Hard Drives, 1 GB RAM, Intel P3 
1 GHz Processor, 100 GB Data Transfer, 30 IPS 

UNIX $520 per month, WIN2K $625 per month 


Experience the unique support, value and 
services that only DataPipe can provide. 


Enterprise 



Compaq DL380. Four 18 GB SCSI Drives, 1 GB RAM, 
Dual Intel P3 1 GHz Processors, 200 GB Data Transfer, 
50 IPS 

UNIX $895 per month, WIN2K $995 per month 


Talk to us about Managed Solutions, Firewall Security, 
VPN, Clustering, Load Balancing, Storage Solutions 


















Reach new profits, 
new customers and 
New Zealand. 


SIGN UP FOR OUR WEB HOSTING SOLUTIONS AND SAVE UP TO $850* 


Want to reach your goals? Try reaching out, with Interland. A leading provider of business-class hosting for small to medium 
size businesses. We'l! help you reach new profits, new markets and newly found success. How? With an extraordinary range 
of online tools. Everything from Web hosting to e-commerce to marketing support. And if you call today, you'll save up to 
$850. So help your business reach its full growth potential. And help yourself to $850. 


Give your online business room to grow with our shared and dedicated Web hosting plans. 


INTERLAND'S TRUE ADVANCED PLAN 


• Disk storage 300 MB 

• Monthly transfer 10 GB 

• 50 POP e-mail boxes 

• Free installation 

• Free month of hosting 

• Free site FTP 

• Interland's True Advanced Shared Plan 
starting at $49.95/mo. 

SAVE UP TO $200 


Call Interland at 1-866-279-0490 


INTERLAND'S ACCELERATOR 100 PLAN 


• Disk storage 18 GB hard drive 

• Monthly transfer 30 GB 

• 150 PcSp e-mail boxes 

• Free installation 

• 3 mo. Free Web Trends: Analysis and 
reporting for optimal Web site management 

• Interland's Accelerator 100 Dedicated Plan 
starting at $549.95/mo. 

SAVE UP TO $850* 


or visit lnterland.com 


* Interfand's True Advanced Shared Plan savings vafid only on a 24 mo account with a monthly minimum of $49.95. Interland s 
Accelerator 100 Dedicated Pfan savings valid only on a 12 mo, account with a monthly minimum of $549.95. Offer valid 
until 12/17/01, Promotions cannot be combined with any other Interland offers. Subject to credit approval, availability 
and other terms and conditions available on lnteriand.com. ©2001 Interland, Inc. All Rights Reserved. 
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